Unauthorized access when writing to file
Question
I have a asp.net website where the users have the possibility to print a document. This document is first written to a folder on the server and then opened/printed by the client. When deploying the website on IIS server I did encounter a few times issues when a user tried to print the document. Apparently the IIS user on the server had insufficient access rights to write to the local folder and thus throwing an unauthorized access exception.
which one is the IIS user and how do I give it write access to a folder on the server in .net?
5 answers
solution1
2 ACCPTED 2009-04-01 20:09:40
I would give write / modify access to the IUSR_MACHINE and NETWORK SERVICE accounts. To actually change the permissions, find the folder in Windows Explorer, get the Folder Properties. On the security tab, click the user in the list (you may have to "ADD" a user to the list first), then check the appropriate checkboxes under the Allow column.
As an aside, when ever I am stumped by a permissions issue, Sysinternals Process Monitor nearly always solves it. Run procmon.exe, set up the filters by excluding processes of known good processes (Right click on the process name, and select "Exclude 'explorer.exe'"). I also typically exclude known results like SUCCESS, and a few others. You can then reproduce the problem, and a bright shining "ACCESS DENIED" entry will be listed at the bottom of the list, including the name of the user account, and the specific asset it was trying to access.
Download Link: http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
solution2
0 2009-04-01 19:54:31
Usially it's NETWORK SERVICE user, grand to it write permissions on the required folder.
solution3
0 2009-04-01 19:55:34
There's also frequently a user named "IUSR" that is used by that process.
solution4
0 2009-04-01 19:58:36
On server class operating systems, ASP.NET 2.0 runs under the "Network Service" account. (I'm not sure whether it uses a different account for XP.)
Rather than giving that account more access, it's probably worth making ASP.NET run under a dedicated account. This PDF explains how to do it. (That explains for IIS 6.0; it may be slightly different under IIS 7.0, but it's probably broadly the same.)
solution5
0 2009-04-01 20:00:28
You can use ASP.NET impersonation - http://msdn.microsoft.com/en-us/library/aa292118(VS.71).aspx - to check if your program can run under a chosen user account.
I find this to be quite useful for exploring account permissions related issues.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.