Removing IIS APPPOOL/MyPool from folder does not cancel file write permissions - asp.net

I have an ASP.NET 2.0 application under IIS 8.5 in Classic mode where a page needs to write uploaded files to a folder outside the root of the app. When I first tried this I got something like
Access to the path 'D:\events\uploads\myfile.txt' is denied.
In the Security tab of D:\events I added "IIS AppPool/MyAppPool" and activated the Write permission. Everything worked fine then - as it should.
However, after removing the MyAppPool from D:\events again the same page was still able to write files under D:\events. Scary. A few experiments showed that the page can now write files everywhere except C:\, C:\Windows, C:\Users and D:.
UPDATE: To check which user or group might give access to IIS/ASP.NET I have created a folder C:\TestIISAccess, disabled permission inheritance and gradually removed users and groups. Well, there are none left now, I cannot even look inside the folder as admin. But my .aspx upload page reports it can still write files there. I have stopped & restarted IIS after all users were removed, makes no difference.
Can someone please explain this behaviour and tell me how to cancel the write permission?

Related

Wrong permissions when uploading file on WORDPRESS (Windows server 2012)

I've recently moved my WP site from GoDaddy to a physical server using Windows Server 2012 R2.
But I'm having a problem uploading files using the Admin panel. After uploading the file, I can see it physically on the server (wp-content\upload\2017\10)
But I can't see it on the website itself.
I can only see the file if I change its permissions on the server itself.
I've changed the permissions on the folder, I gave full access to the relevant users. But still, it doesn't work for new files\pictures I'm uploading via the WP admin panel.
Edit:
I've noticed that every time I come to change the folder permissions, the permissions under CREATOR OWNER are always empty. Is it related?
Thank you very much for the help
When you upload a file, PHP sends the file to a temporary directory on your server's hard drive (usually C:\Windows\Temp) and then copies it over to the proper directory. Once the file is initially put in the temporary directory, it gets the permissions of that directory. The problem is when Windows moves that file to the proper place, it keeps the temporary directory's permissions, which can cause access problems.
The way to fix this is to change the temporary directory to a folder within your WordPress installation, usually wp-content/upgrade.
To do this, follow these directions:
Find your php.ini file.
Find the upload_tmp_dir line, and change it to the wp-content/upgrade folder.
Browse to this folder and verify that the permissions are set properly.
You should then have the ability to properly view all your images. You'll most likely need to select all the previous selected images, and change the owner of the files to the web folder owner. Then you should be good to go!
If you can’t upload an image at all, it’s probably because you need to give the IUSR account Read/Write/Modify permission on your wp-content folder. This will allow you to upload, and do the WordPress & plugin updates.
Once you have done that, all you need to do is give the IIS_IUSRS group Read permissions on your “C:\Windows\Temp” folder.
Make sure to notice that the two permission changes you make are not for the same user/group. Give IUSR permissions on your wp-content folder and IIS_IUSRS permissions on your Windows temp folder.
Note: If you have edited your php.ini file and change the upload temp directory then you will need to give IIS_IUSRS group read permissions on that folder instead.
That should do it, or at least it worked for me.
http://chris.wastedhalo.com/2011/01/wordpress-upload-permissions-on-iis-7-fix/
I find myself coming back to this question time after time when images I add to the Media Gallery don't have the correct permissions in the WordPress Uploads folder. Since I develop WordPress sites locally, it would be a pain to set permission on the Uploads folder every time I work on a new site.
To fix this, I created a folder "C:\Websites\Temp" without messing around with permissions or security settings, etc. Then in MAMP, I edited the php.ini template of the PHP version I was using for this site, php7.3.0.ini (File, Edit Template, PHP). I then set upload_tmp_dir to "C:\Websites\Temp":
; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
upload_tmp_dir = c:\websites\temp
and voila, no more permission issues.
Well, a few years later, found this post. Tried it. Failed.
Another solution is to assign a specific user to the site in IIS and apply the right permissions to the folder containing the site.

Wordpress File Uploader Error in Godaddy Managed WP Hosting

I am in a really interesting situation right now.
After migrating a client website from a development environment using WP Clone by WP Academy, I get this error when trying to upload images via the WordPress media uploader.
“image.png” has failed to upload due to an error
Unable to create directory uploads/2015/07. Is its parent directory writable by the server?
I logged into GoDaddy and changed the entire uploads/ folder permission via SSH to 777 (crazy enough). And all its contents.
I still got the same error.
After probing a little deeper, I found out the website is running from a different location than the machine I am SSHed into.
What do I mean?
When I run pwd via ssh, to see my current working directory I get.
-bash-4.2$ pwd
/home/clientname/html/wp-content/uploads
But In the Wordpress setting at, Settings -> Media
The option "store uploads in this folder" has a value of
/home4/d***71/public_html/website.url/wp-content/uploads
Meaning the site files are copied and hosted in a different location than that given via SSH. This is probably due to the fact that GoDaddy's managed WordPress hosting has some special cache setting configured beyond the control of the user.
The problem now is how do I correct the File Permission issue and have my uploads working properly.
:)
I am just adding this, if anyone ran into the same issue in future.
Log into your GoDaddy account.
Go to the Hosting page.
Click Manage
Select File Manager for the domain you want to edit the permission (this is, if you have multiple domains)
Navigate to the folder where you have installed the WordPress.
Hover on the 'wp-content' and you should be able to see an arrow, click to see the option called 'Change Permissions'.
You should be able to see all the Permission details in this window.
Log in to your GoDaddy panel and click File Manager
click or open your project folder
locate the upload folder and click on the check box
click the privacy icon and check both checkboxes, inherit and SET ALL SUB FOLDERS TO INHERIT PERMISSIONS
The "Hover" didn't work for me. What DID work was to go to the directory above, put ONE check in a box for a DIRECTORY (not a file), and then click on "Privacy".
If you check more than one folder, OR a file, you won't get the permissions eyeball to light up.
So, to fix a file permission you would have to go to the level above, and change "Set all subfolders to inherit permissions".
Apparently you can't change some files and not others - just the parent folder, which then sets all the files (is my guess).
This is NOT a limitation of Windows, it's the broken way they establish permissions.
Anyway - hopefully that will work. Tech support confirmed the drop down doesn't work anymore.
== John ==

strange issue when uploading file via asp.net, vs manually via FTP

I have a form in ASP.Net MVC, which allows you to upload a file. The file is saved to a location on the server. For example, if the domain is www.test-domain.com, and the local path is c:\websites\test-domain.com\, the image is stored in /uploads/File/image.jpg.
When I try to access this url http://www.test-domain.com/uploads/File/image.jpg, I get redirected to the forms loginUrl="XXXX" path in web.config. To test, I removed the web.config entirely, and accessed the file. This time round, I get a 401 - Unauthorized: Access is denied due to invalid credentials.
I then uploaded another file via FTP this time, to http://www.test-domain.com/uploads/File/image2.jpg. This one can be accessed without any problem. I even tried downloading image.jpg as saved via ASP.NET, deleting the file on the server and re-uploading the exact same file by FTP, and it worked again!
It seems FTP is working, while via ASP.NET there is somehow some access / authorisation requirement. I do have authentication set in ASP.NET, but I removed the entire web.config file, and I still got an error.
Any ideas?
I've found out why this was happening, though it is totally unrelated to what I thought it was in the beginning. I am uploading an image and resizing it. I've looked further in the code, and for some reason I was creating an image in the temporary windows folder, and then moving it to the actual location using File.Move.
It seems that the security permissions created are different, than if I had to create the file directly in the final folder. I've updated the code to create the image directly in the actual folder, and this is working fine.
Reference: http://blogs.msdn.com/b/oldnewthing/archive/2006/08/24/717181.aspx
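The move-versus-create difference described in this answer, and in the WordPress upload_tmp_dir answer further up, can be reproduced in a scratch folder. This PowerShell script is an added example, not code from either post; the folder and file names are made up and everything is created under $env:TEMP, with the "temp" folder standing in for C:\Windows\Temp.

```powershell
# Added demonstration: compare the DACL of a file that was moved into a folder,
# copied into it, and created in it. All paths below are scratch paths.
$root = Join-Path $env:TEMP ('acl-demo-{0}' -f [guid]::NewGuid())
$src  = (New-Item -ItemType Directory -Path (Join-Path $root 'temp')).FullName     # stand-in temp dir
$dst  = (New-Item -ItemType Directory -Path (Join-Path $root 'uploads')).FullName  # stand-in web folder

# Give the stand-in temp folder a narrower ACL than the destination:
# inheritance removed, only the current user allowed.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
& icacls.exe $src /inheritance:r /grant:r "*${me}:(OI)(CI)F" | Out-Null

function Get-Dacl([string]$Path) {
    # DACL only, as SDDL, so a different owner does not affect the comparison.
    (Get-Acl -LiteralPath $Path).GetSecurityDescriptorSddlForm('Access')
}

# Same content, three ways of arriving in the destination folder.
Set-Content -LiteralPath (Join-Path $src 'moved.txt')  -Value 'x'
Set-Content -LiteralPath (Join-Path $src 'copied.txt') -Value 'x'
Set-Content -LiteralPath (Join-Path $dst 'direct.txt') -Value 'x'
Move-Item -LiteralPath (Join-Path $src 'moved.txt')  -Destination $dst   # same volume: a rename
Copy-Item -LiteralPath (Join-Path $src 'copied.txt') -Destination $dst   # new file in $dst

function Compare-ToDirect([string]$Stage) {
    # One row per file: does its DACL equal that of the file created in place?
    $direct = Get-Dacl (Join-Path $dst 'direct.txt')
    foreach ($name in 'moved.txt', 'copied.txt') {
        $dacl = Get-Dacl (Join-Path $dst $name)
        [pscustomobject]@{ Stage = $Stage; File = $name; MatchesFolder = ($dacl -eq $direct); Dacl = $dacl }
    }
}

$report = @(Compare-ToDirect 'after move/copy')

# Repair: /reset replaces the file's ACL with the default inherited ACL of the
# folder it now lives in (explicit ACEs on the file are dropped as well).
& icacls.exe (Join-Path $dst 'moved.txt') /reset | Out-Null
$report += Compare-ToDirect 'after icacls /reset'

$report | Format-Table -AutoSize -Wrap
Remove-Item -LiteralPath $root -Recurse -Force
```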

Access denied when writing to a file. Why?

I've developed an ASP.NET v4 web app which I am trying to get to write to a folder in the webroot.
For the life of me I cannot get Windows 7 to allow it to write a file, I get an Access is Denied error each time.
What I have tried on the folder is
attrib -r /foldernameandpath
attrib -r -s /foldernameandpath
Removing Check from ReadOnly attribute in folder properties
Changed owner of folder to current user, who is also the admin
Changed owner to Everyone
Adding Everyone user to folder with all permissions
Changing the folder to the Public Document directory
Changing to the root of the C drive (Out of desperation)
Nothing seems to work and all I want to do is test that the write works.
Now I know the system works and writes fine cause I had this same web app on a second machine writing the PDFs to the C drive without issue. This second machine I just cannot get it to allow the write.
Oh please for the love of all things holy, put the keyboard and mouse down and stop what you are doing. Some of the actions in your list seriously frighten me.
All the things you list as your actions are most likely useless or desperately random at best.
As a web developer, you shouldn't have to start messing around changing ownership of folders, especially not the web root folder normally used by the web server. When you do, you'll end up in a dark, cold and lonely place. Lord only knows what other desperate measures you have taken. For your own sake, I'll recommend you to do a system restore or even system reinstall to make sure you are in a healthy state.
Let's go back one step and try to sort out what you are doing.
First: what is the path you are trying to write to?
Second: are you running this application directly from within Visual Studio or in IIS?
If you are doing the first option then your current user account is the account who tries to write to the path in question. Do you have write permissions there?
One thing you can try is to start Visual Studio with elevated permissions and see if that works.
If you are running in IIS, it is the associated pool account that needs write permissions.
Are you doing impersonation by any chance? If so, make sure the impersonated account has proper permissions.
You should only write to a predefined folder within your app path, like ..\App_Data for example.
The easiest way to find out which account you are running with and determine what path you are trying to write to is to fire up Sysinternals Process Monitor and find the entry with the access denied result. Select properties for that entry and find out which account tried to do the write action. When you have determined that, right click on the folder in question and give the proper account write permissions.
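A scripted complement to the Process Monitor check above, as an added example that is not part of the original answer: it prints the account an application pool runs as and every Allow entry on a folder that grants write access. The pool name and folder are placeholders borrowed from the first question on this page, and the script assumes the IIS WebAdministration module is installed.

```powershell
# Added example. $PoolName and $Folder are placeholders; run from an elevated prompt.
param(
    [string]$PoolName = 'MyAppPool',
    [string]$Folder   = 'D:\events'
)
Import-Module WebAdministration

# 1. The account the pool's worker process runs as.
$pm = (Get-Item "IIS:\AppPools\$PoolName").processModel
$account = switch ([string]$pm.identityType) {
    'ApplicationPoolIdentity' { "IIS AppPool\$PoolName" }
    'SpecificUser'            { $pm.userName }
    default                   { [string]$pm.identityType }   # LocalSystem, LocalService, NetworkService
}
"Pool '$PoolName' runs as: $account"
# If impersonation is enabled, the write is made as the impersonated account instead.

# 2. Every Allow ACE on the folder that lets its trustee create or change files.
#    0x2 = WriteData/CreateFiles, 0x4 = AppendData, plus the generic bits that
#    inherit-only ACEs can carry (GENERIC_WRITE 0x40000000, GENERIC_ALL 0x10000000).
$writeMask = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000
(Get-Acl -LiteralPath $Folder).Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $writeMask) -ne 0)
    } |
    Select-Object IdentityReference, FileSystemRights, IsInherited, InheritanceFlags |
    Format-Table -AutoSize

# ACEs for groups the account is a member of apply to it as well, so compare the
# listed trustees against both the account itself and its group memberships.
```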

Where should I put my log file for an asp.net application?

I have an ASP.NET application that we've written our own logging module for.
My question is, where is the standard place to write a log file to? I.e. the website will be running as the anonymous user identity (e.g. IUSR on IIS7) and I need a place where I know it'll have permission to write to.
Cheers,
App_Data folder on the root of the project. It isn't served to web requests; so other people can't snoop for it.
I would suggest putting the log file onto a separate disk, though; it should give you a little performance gain, so that you're not trying to both read and write to the same disk as the website. If you cannot put the log file on a separate disk, then I would simply choose a folder of your choice.
In any case, you will have to give the "Network Service" account "Modify" permissions to the desired folder.
If, on the other hand, you have access to a database, then log the information there. It will be much quicker than accessing the hard drive and won't be publicly available. You'll also be able to report from the data quite easily.
I'm not in a position to modify the permissions on folders (especially outside of the virtual directory home folder), and don't already have an App_Data folder, so am a bit hesitant to go with that.
So for the moment I'm going with the CommonApplicationData Folder.
On Vista/Server 2008 this is C:\ProgramData\
On XP/Server 2003 this is C:\Documents and Settings\All Users\Application Data\
I'm not in a position to modify the permissions on folders (especially outside of the virtual directory home folder), and don't already have an App_Data folder, so am a bit hesitant to go with that.
If you have a website, you clearly have a folder somewhere. Can you not add a (non-web-facing) subfolder? It seems like that would be a more appropriate place to put your logs than dumping them into a global, shared folder.
You could also log to the Windows Event log or to a table in a database. How often are people looking at the event log? If it's being examined on a regular basis, writing to a table makes the reporting back much easier as it's trivial to reverse the order and only show the last X events for the current time period. You can also query the Windows Event Log through PowerShell or with LogParser.
Pushing to app_data is the best idea; just bear in mind that when publishing the project, if the option "Delete all existing files before publishing" is ticked, the current data in the folder will be gone. The workaround is to skip the deletion of the app_data folder.
Another option to do logging is to use some existing framework such as Log4net.
