Can somebody help me with this error. Everytime when I upload a newly compiled version of my code I get this error. When I resubmit the documents using the upload function in my app the error is not reproduceable. Can anyone think of why? The path to
the document is stored in a SQL Server 2005 database and the file in a folder as shown below.
Server Error in '/' Application.
Access to the path 'D:\amemso\employment\paramedics_ms.pdf' is denied.
Description:
An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.UnauthorizedAccessException: Access to the path 'D:\amemso\employment\paramedics_ms.pdf' is denied.
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if
the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
My first guess is that your app pool user or anonymous user doesn't have proper permissions to the file itself. Though your reply suggests that you have probably already checked that. If this is on IIS6, the ASPNET user isn't used anymore. Your NETWORK
SERVICE (by default) is the one that your app pool runs under. Make sure to check your anonymous user (IUSR_machinename) also has permissions.
A great tool to find out for sure is filemon (or its replacement: processmonitor) from
www.sysinternals.com. It's quick and easy to learn and safe on a production server. It will tell you exactly which user is denied permissions to what.
Another possibility is Code Access Security (CAS). Is your server set to run in partial trust? If 'D:\amemso\employment\paramedics_ms.pdf' is outside of your site root and the server is set to run in partial trust, then you can run into that issue.
Another remote possibility is that you are writing to the file and it is marked as read-only. That can also cause it to fail with an error like this.
Thanks a lot for your help. Actually, after I replied to Steve, I figured out what was wrong. I had to give permissions the NETWORK SERVICE account for the Website and not just the ASP.Net temp folder. It is working now. Thank you very much, both of you
for taking time and guiding me in the right direction. Here's the Website if you'd like to take a look:
http://www.emsontario.ca
First make sure that the the application pool identity user is the Network Service Account,if so then allow the Network Service Account Read Access to the preceding registry key
You need to use an administrator account with permission to alter the registry security to perform the following steps:
1. On the taskbar, click Start, and then click Run. Type regedit in the Open box, and then click OK.
2. Expand the outline list in the left panel to locate the desired folder icon at the preceding registry path.
3. Right-click the desired folder, and then click Permissions.
4. In the Permission for Servers dialog box, click the Add button.
5. In the Select Users, Computers, or Groups dialog box, type NETWORK SERVICE in the text box, and then click Check Names. The Network Service name will be underlined; this indicates that it is a valid security principal. Click OK.
6. In the Permissions for Servers dialog box, click the Network Service user name from the list, and in the Permissions for NETWORK SERVICE section, click Advanced.
7. In the Advanced Security Settings for Servers dialog box, click Network Service, and then click Edit.
8. In the Permission Entry for Servers dialog box, select the Set Value and Create Subkey check boxes in the Allow column to permit read access. Click OK several times until the Permissions dialog box closes.
NOTE: If you have another user instead of the Network Service account on the application pool identity, Then give this account read permission on your registery (folder).
First make sure that the the application pool identity user is the Network Service Account,if so then allow the Network Service Account Read Access to the preceding registry key
You need to use an administrator account with permission to alter the registry security to perform the following steps:
1. On the taskbar, click Start, and then click Run. Type regedit in the Open box, and then click OK.
2. Expand the outline list in the left panel to locate the desired folder icon at the preceding registry path.
3. Right-click the desired folder, and then click Permissions.
4. In the Permission for Servers dialog box, click the Add button.
5. In the Select Users, Computers, or Groups dialog box, type NETWORK SERVICE in the text box, and then click Check Names. The Network Service name will be underlined; this indicates that it is a valid security principal. Click OK.
6. In the Permissions for Servers dialog box, click the Network Service user name from the list, and in the Permissions for NETWORK SERVICE section, click Advanced.
7. In the Advanced Security Settings for Servers dialog box, click Network Service, and then click Edit.
8. In the Permission Entry for Servers dialog box, select the Set Value and Create Subkey check boxes in the Allow column to permit read access. Click OK several times until the Permissions dialog box closes.
NOTE: If you have another user instead of the Network Service account on the application pool identity, Then give this account read permission on your registery (folder).
kami
Member
6 Points
7 Posts
UnauthorizedAccessException
Mar 05, 2007 05:41 PM|LINK
Server Error in '/' Application.
Access to the path 'D:\amemso\employment\paramedics_ms.pdf' is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.Exception Details: System.UnauthorizedAccessException: Access to the path 'D:\amemso\employment\paramedics_ms.pdf' is denied.
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.
Source Error:
Stack Trace:
Version Information: Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.210
iis 60
Steve@Planet
Member
681 Points
275 Posts
Re: UnauthorizedAccessException
Mar 05, 2007 09:37 PM|LINK
Hi,
This is because the ASPNET account and the NETWORK SERVICE account do not have the correct permissions to the "Temporary ASP.NET Files" folder.
Browse to <drive>:\windows\microsoft.net\framework\v 2.0.50727\ and then edit the security settings on the "Temporary ASP.NET Files" folder.
Make sure ASPNET and NETWORK SERVICE accounts have the following permissions:
Modify, Read and Execute, List Folder Contents, Read and Write
Steve
kami
Member
6 Points
7 Posts
Re: UnauthorizedAccessException
Mar 06, 2007 02:41 AM|LINK
Thanks Steve,
This doesn't work either, since I have already assigned full control to the ASPNET and NETWORK SERVICE accounts. Any other idea?
Thanks,
Kami
OWScott
Participant
1939 Points
360 Posts
ASPInsiders
MVP
Re: UnauthorizedAccessException
Mar 06, 2007 03:07 AM|LINK
Hi Kami,
My first guess is that your app pool user or anonymous user doesn't have proper permissions to the file itself. Though your reply suggests that you have probably already checked that. If this is on IIS6, the ASPNET user isn't used anymore. Your NETWORK SERVICE (by default) is the one that your app pool runs under. Make sure to check your anonymous user (IUSR_machinename) also has permissions.
A great tool to find out for sure is filemon (or its replacement: processmonitor) from www.sysinternals.com. It's quick and easy to learn and safe on a production server. It will tell you exactly which user is denied permissions to what.
Another possibility is Code Access Security (CAS). Is your server set to run in partial trust? If 'D:\amemso\employment\paramedics_ms.pdf' is outside of your site root and the server is set to run in partial trust, then you can run into that issue.
Another remote possibility is that you are writing to the file and it is marked as read-only. That can also cause it to fail with an error like this.
Scott
</div>Microsoft MVP - IIS
Vaasnet
www.vaasnet.com
kami
Member
6 Points
7 Posts
Re: UnauthorizedAccessException
Mar 06, 2007 03:16 AM|LINK
Hi Scott,
Thanks a lot for your help. Actually, after I replied to Steve, I figured out what was wrong. I had to give permissions the NETWORK SERVICE account for the Website and not just the ASP.Net temp folder. It is working now. Thank you very much, both of you for taking time and guiding me in the right direction. Here's the Website if you'd like to take a look: http://www.emsontario.ca
Cheers,
Kami
http://www.ant-ca.com
OWScott
Participant
1939 Points
360 Posts
ASPInsiders
MVP
Re: UnauthorizedAccessException
Mar 06, 2007 03:34 AM|LINK
Hi Kami,
Great, glad you got it working. Love the site! Thanks for the update.
Scott
Microsoft MVP - IIS
Vaasnet
www.vaasnet.com
securesign
Member
20 Points
10 Posts
Re: UnauthorizedAccessException
Mar 29, 2007 01:45 PM|LINK
First make sure that the the application pool identity user is the Network Service Account,if so then allow the Network Service Account Read Access to the preceding registry key
You need to use an administrator account with permission to alter the registry security to perform the following steps:
1. On the taskbar, click Start, and then click Run. Type regedit in the Open box, and then click OK.
2. Expand the outline list in the left panel to locate the desired folder icon at the preceding registry path.
3. Right-click the desired folder, and then click Permissions.
4. In the Permission for Servers dialog box, click the Add button.
5. In the Select Users, Computers, or Groups dialog box, type NETWORK SERVICE in the text box, and then click Check Names. The Network Service name will be underlined; this indicates that it is a valid security principal. Click OK.
6. In the Permissions for Servers dialog box, click the Network Service user name from the list, and in the Permissions for NETWORK SERVICE section, click Advanced.
7. In the Advanced Security Settings for Servers dialog box, click Network Service, and then click Edit.
8. In the Permission Entry for Servers dialog box, select the Set Value and Create Subkey check boxes in the Allow column to permit read access. Click OK several times until the Permissions dialog box closes.
NOTE: If you have another user instead of the Network Service account on the application pool identity, Then give this account read permission on your registery (folder).
for more Information:
http://dotnetqpearl.net/blogs/securesign/archive/2007/03/19/Allow-your-ASP.NET-to-Access-your-Resources.aspx
http://msdn2.microsoft.com/en-us/library/ms998320.aspx
securesign
Member
20 Points
10 Posts
Re: UnauthorizedAccessException
Mar 29, 2007 01:46 PM|LINK
First make sure that the the application pool identity user is the Network Service Account,if so then allow the Network Service Account Read Access to the preceding registry key
You need to use an administrator account with permission to alter the registry security to perform the following steps:
1. On the taskbar, click Start, and then click Run. Type regedit in the Open box, and then click OK.
2. Expand the outline list in the left panel to locate the desired folder icon at the preceding registry path.
3. Right-click the desired folder, and then click Permissions.
4. In the Permission for Servers dialog box, click the Add button.
5. In the Select Users, Computers, or Groups dialog box, type NETWORK SERVICE in the text box, and then click Check Names. The Network Service name will be underlined; this indicates that it is a valid security principal. Click OK.
6. In the Permissions for Servers dialog box, click the Network Service user name from the list, and in the Permissions for NETWORK SERVICE section, click Advanced.
7. In the Advanced Security Settings for Servers dialog box, click Network Service, and then click Edit.
8. In the Permission Entry for Servers dialog box, select the Set Value and Create Subkey check boxes in the Allow column to permit read access. Click OK several times until the Permissions dialog box closes.
NOTE: If you have another user instead of the Network Service account on the application pool identity, Then give this account read permission on your registery (folder).
for more Information:
http://dotnetqpearl.net/blogs/securesign/archive/2007/03/19/Allow-your-ASP.NET-to-Access-your-Resources.aspx
http://msdn2.microsoft.com/en-us/library/ms998320.aspx
http://www.codeproject.com/useritems/Ahmed_Kader.asp