Last post Oct 04, 2010 10:18 PM by JonF
Nov 17, 2008 10:15 AM|Gregale.net|LINK
Appreciate if someone could point to the right answer on how to overcome this error. By clicking the Button3, the
ExportedFilePDF.pdf should be copied to the \\presario remote machine. So far, no security issue on the same configuration in IIS6 + W2K3.
Protected Sub Button3_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button3.Click
File.Copy("C:\BackOffice\Export\ExportedFilePDF.pdf", "\\presario\FaxServer\Outbox\ExportedFilePDF.pdf", True)
Catch ex As Exception
Response.Write("Error copying file | " & ex.ToString)
The browser will generate this error message when the Button3 is clicked.
Error copying file | System.UnauthorizedAccessException: Access to the path '\\presario\FaxServer\Outbox\ExportedFilePDF.pdf' is denied. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.InternalCopy(String sourceFileName,
String destFileName, Boolean overwrite) at Test5.Button3_Click(Object sender, EventArgs e)
I might overlooked on IIS 7 setting but just don't know which configuration parameters should I touch for now. Thanks.
IIS 7 & W2K8 - Access to path is denied. File copy.
Nov 18, 2008 03:31 AM|Gregale.net|LINK
Today, I managed to move this project development to W2K8 + IIS7 + VS2008, then found no unauthorized access (the pdf is successfullly copied to the remote folder) if debugging run through VS or localhost
http://localhost:49264/BackOffice/test5.aspx. However, still encountering the unathorized access message if access it through the published website or
It might related to remote access permission on workgroup environment but why does the copy only working on debugging mode, not on published mode?
Appreciate any suggestion [Idea]
Nov 20, 2008 06:26 AM|Wencui Qian - MSFT|LINK
Based on the description, it's probably caused by the permission issues. As you know, when you debug in Visual Studio, the ASP.NET application is running under a logged-on system account(when you're in a domain, it's probably a domain user). If allowed,
it can do file operations in a remote machine.
However, it's different with running ASP.NET application in IIS. By default, it's running under ASPNET in IIS 5 or Network Service in IIS 6/7. The account has no permissions to access remote resources. Since you need to copy a file to a remote machine, you
have to grant the account(Network Service) required permissions in the remote machine. Then you can do file operations. But I don't recommend you to do that. It's better to programmatically impersonate a domain user when necessary. In this case, you will have
no need to configurate in the remote server.
For impersonating a user programmatically, you could check this link:
Nov 24, 2008 02:56 AM|Gregale.net|LINK
I've tried creating an account (IUSR) in both machines (server and remote), shared path mapping is writeable from server, but still trigger the access denied message from the ASP application even the access has been given to these ASP.net, NETWORK, NETWORK
SERVICE, IUSR, SYSTEM, Everyone and Administrators accounts. Have I overlooked on any special security setting in IIS7 or W2K8?
Or I might look on impersonating one day, will update you on this. However, can it be done on 'Form authentication mode'?
Nov 24, 2008 07:20 AM|Wencui Qian - MSFT|LINK
Thanks for your followup Gregale.net.
Based on my test, you could choose either of these two ways. The recommended one is to use a domain user. As mentioned above, you could use impersonation programmatically. The second one is also suitable if you're not familiar with impersonation. I tested
it and everything works well. Here're the steps:
After these steps, you could resolve the problem.
Nov 25, 2008 01:54 AM|Gregale.net|LINK
Now, the file is copied successfully.
Thanks wencui. You are my man.
For anyone out there,
The step from 1 to 4 are straight forward, step 5 will be a bit tricky on IIS7(if you are not familiar yet). No useful article found from the net on the step 5. However, this link at least will guide you through.
Nov 25, 2008 02:26 AM|Wencui Qian - MSFT|LINK
Glad to hear that it can help you. For IIS 7, you could reset the ApplicationPool Identity step by step.
Aug 22, 2009 09:54 AM|regey|LINK
it's very helpful, thanks a lot
Oct 04, 2010 10:18 PM|JonF|LINK
My application manages files on the server file system (insert, update, delete) I just made a migration from win 2003 to 2008 R2 and found access denied errors on deletes.
After some searching I found there is a function for IIS7.5 that uses the AppPool identity for security. This isn't a real user account it's a 'virtual account' that the AppPool uses. New files had the account but when I tried to add it to a file or folder
the account doesn't exist when you 'check names' in the security dialog box. Confusing...
Then I found this:
You have to manually add the whole account information: i.e.: iis AppPool\<name> and then give the account 'modify' access for it to work.
I'd like to reset the inheritance on the whole directory but I've not found a good way to handle this.
Has anyone found a way to handle this without resetting security permissions?