Unable to save file with ASP.NET FileUpload - access denied

Question

the below code is use for my website to insert photos, On my compouter, i can insert pics but when i transfer it to the remote machine, i get error message. Here is the code:

Protected Sub dvPictureInsert_ItemInserted(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.DetailsViewInsertedEventArgs) Handles dvPictureInsert.ItemInserted

    'If the record was successfully inserted, save the picture
    If e.AffectedRows > 0 Then

        'Determine the maximum pictureID for this user
        Dim results As DataView = CType(maxPictureIDDataSource.Select(DataSourceSelectArguments.Empty), DataView)
        Dim pictureIDJustAdded As Integer = CType(results(0)(0), Integer)
        'Reference the FileUpload control
        Dim imageUpload As FileUpload = CType(dvPictureInsert.FindControl("imageUpload"), FileUpload)

        If imageUpload.HasFile Then
            Dim baseDirectory As String = Server.MapPath("~/UploadedImages/")
            imageUpload.SaveAs(baseDirectory & pictureIDJustAdded & ".jpg")
        End If

Here is the error message:

Server Error in '/please-god' Application. Access to the path 'D:\\Hosting\\4423045\\html\\please-god\\UploadedImages\\3.jpg' is denied. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access to the path 'D:\\Hosting\\4423045\\html\\please-god\\UploadedImages\\3.jpg' is denied.

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via , the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

Source Error:

Line 21: If imageUpload.HasFile Then Line 22:
Dim baseDirectory As String = Server.MapPath("~/UploadedImages/") Line 23:
imageUpload.SaveAs(baseDirectory & pictureIDJustAdded & ".jpg") Line 24: End If Line 25: End If Source File: D:\\Hosting\\4423045\\html\\please-god\\PhotoAdmin\\Default.aspx.vb Line: 23

Stack Trace:

[UnauthorizedAccessException: Access to the path 'D:\\Hosting\\4423045\\html\\please-god\\UploadedImages\\3.jpg' is denied.]
System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) +7715167 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) +1162
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) +61 System.IO.FileStream..ctor(String path, FileMode mode) +55
System.Web.HttpPostedFile.SaveAs(String filename) +99
System.Web.UI.WebControls.FileUpload.SaveAs(String filename) +23
PhotoAdmin_Default.dvPictureInsert_ItemInserted(Object sender, DetailsViewInsertedEventArgs e) in D:\\Hosting\\4423045\\html\\please-god\\PhotoAdmin\\Default.aspx.vb:23 System.Web.UI.WebControls.DetailsView.OnItemInserted(DetailsViewInsertedEventArgs e) +108
System.Web.UI.WebControls.DetailsView.HandleInsertCallback(Int32 affectedRows, Exception ex) +69
System.Web.UI.DataSourceView.Insert(IDictionary values, DataSourceViewOperationCallback callback) +134
System.Web.UI.WebControls.DetailsView.HandleInsert(String commandArg, Boolean causesValidation) +274 System.Web.UI.WebControls.DetailsView.HandleEvent(EventArgs e, Boolean causesValidation, String validationGroup) +676
System.Web.UI.WebControls.DetailsView.OnBubbleEvent(Object source, EventArgs e) +95
System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +37
System.Web.UI.WebControls.DetailsViewRow.OnBubbleEvent(Object source, EventArgs e) +113
System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +37
System.Web.UI.WebControls.LinkButton.OnCommand(CommandEventArgs e) +118
System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument) +135
System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13 System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +175
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1565

Answer 1

You have to make sure the IIS or the server running the website has permission to write to that directory. You could do this by selecting that folder -> Properties-> Security tab.

If that didn't help, you could recheck in the event log to find out with which account it tried to access it.

You might also wanna read this post too.

Answer 2

Even if you have the App Pool set to a user with the correct rights, if you have impersonation turned on in your web.config then you will get this error.

Deleting this line from your web.config will turn off impersonation.

<identity impersonate="true" />

Answer 3

Today I was having the same problem, I tested it locally and on live server as well but the same error was making me frustrated. Then I decided to critically review my code so that I can figure out what was causing the problem. And there the problem was, I was not specifying a filename in the fileupload SaveAs() method. I know the op is specifying a proper path but it could happen to someone else in future maybe.

How my code looked before:
fileupload.SaveAs(Server.MapPath($"{basedir}"));

How it looks now:
fileupload.SaveAs(Server.MapPath($"{basedir}/{fileupload.FileName}"));