Last post Mar 29, 2007 09:46 AM by securesign
Mar 05, 2007 01:41 PM|kami|LINK
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
[UnauthorizedAccessException: Access to the path 'D:\amemso\employment\paramedics_ms.pdf' is denied.]
System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) +2014675
System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) +998
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) +114
System.IO.File.Open(String path, FileMode mode) +42
members_pdf.Page_Load(Object sender, EventArgs e) +668
System.Web.UI.Control.OnLoad(EventArgs e) +99
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1061
Mar 05, 2007 05:37 PM|Steve@Planet|LINK
This is because the ASPNET account and the NETWORK SERVICE account do not have the correct permissions to the "Temporary ASP.NET Files" folder.
Browse to <drive>:\windows\microsoft.net\framework\v 2.0.50727\ and then edit the security settings on the "Temporary ASP.NET Files" folder.
Make sure ASPNET and NETWORK SERVICE accounts have the following permissions:
Modify, Read and Execute, List Folder Contents, Read and Write
Mar 05, 2007 10:41 PM|kami|LINK
This doesn't work either, since I have already assigned full control to the ASPNET and NETWORK SERVICE accounts. Any other idea?
Mar 05, 2007 11:07 PM|OWScott|LINK
My first guess is that your app pool user or anonymous user doesn't have proper permissions to the file itself. Though your reply suggests that you have probably already checked that. If this is on IIS6, the ASPNET user isn't used anymore. Your NETWORK
SERVICE (by default) is the one that your app pool runs under. Make sure to check your anonymous user (IUSR_machinename) also has permissions.
A great tool to find out for sure is filemon (or its replacement: processmonitor) from
www.sysinternals.com. It's quick and easy to learn and safe on a production server. It will tell you exactly which user is denied permissions to what.
Another possibility is Code Access Security (CAS). Is your server set to run in partial trust? If 'D:\amemso\employment\paramedics_ms.pdf' is outside of your site root and the server is set to run in partial trust, then you can run into that issue.
Another remote possibility is that you are writing to the file and it is marked as read-only. That can also cause it to fail with an error like this.
Mar 05, 2007 11:16 PM|kami|LINK
Thanks a lot for your help. Actually, after I replied to Steve, I figured out what was wrong. I had to give permissions the NETWORK SERVICE account for the Website and not just the ASP.Net temp folder. It is working now. Thank you very much, both of you
for taking time and guiding me in the right direction. Here's the Website if you'd like to take a look:
Mar 05, 2007 11:34 PM|OWScott|LINK
Great, glad you got it working. Love the site! Thanks for the update.
Mar 29, 2007 09:45 AM|securesign|LINK
First make sure that the the application pool identity user is the Network Service Account,if so then allow the Network Service Account Read Access to the preceding registry key
You need to use an administrator account with permission to alter the registry security to perform the following steps:
1. On the taskbar, click Start, and then click Run. Type regedit in the Open box, and then click OK.
2. Expand the outline list in the left panel to locate the desired folder icon at the preceding registry path.
3. Right-click the desired folder, and then click Permissions.
4. In the Permission for Servers dialog box, click the Add button.
5. In the Select Users, Computers, or Groups dialog box, type NETWORK SERVICE in the text box, and then click Check Names. The Network Service name will be underlined; this indicates that it is a valid security principal. Click OK.
6. In the Permissions for Servers dialog box, click the Network Service user name from the list, and in the Permissions for NETWORK SERVICE section, click Advanced.
7. In the Advanced Security Settings for Servers dialog box, click Network Service, and then click Edit.
8. In the Permission Entry for Servers dialog box, select the Set Value and Create Subkey check boxes in the Allow column to permit read access. Click OK several times until the Permissions dialog box closes.
NOTE: If you have another user instead of the Network Service account on the application pool identity, Then give this account read permission on your registery (folder).
for more Information:
Mar 29, 2007 09:46 AM|securesign|LINK