before I start, I'm a PHP programmer, not an ASP programmer, but at my job, they use ASP and I don't have acces to the server, but I can contact the person in charge.
I'm working on an ASP function for work and I alway hit this "Permission denied" error. I made some search and I found that the account need permission to run the script. It's maybe just me, but I don't understand that ASP check the user before run a script, I mean, it's a public website, obviously they will not have acces if I don't.
Can I change the file so anyone can run it ?
EDIT :
My script is trying to edit a file on the server
dim fs,f
set fs=Server.CreateObject("Scripting.FileSystemObject")
set f=fs.OpenTextFile(Server.MapPath("test.txt"),8,true)
f.WriteLine("This text will be added to the end of file")
f.Close
set f=Nothing
set fs=Nothing
Thanks
The account that IIS uses (probably iusr) needs to have read/write permissions on the target folder. I would recommend using a temp folder (anything other than the website's root folder)
By default, the account will have no permissions. That's simply basic security. You need to have whoever administers that machine give permissions on an appropriate location.
Related
I have an ASP.NET 2.0 application under IIS 8.5 in Classic mode where a page needs to write uploaded files to a folder outside the root of the app. When I first tired this I got something like
Access to the path 'D:\events\uploads\myfile.txt' is denied.
In the Security tab of D:\events I added "IIS AppPool/MyAppPool" and activated the Write permission. Everything worked fine then - as it should.
However, after removing the MyAppPool from D:\events again the same page was still able to write files under D:\events. Scary. A few experiments showed that that the page can now write files everywhere except C:\ C:\Windows C:\Users and D:.
UPDATE: To check which user or group might give access to IIS/ASP.NET I have created a folder C:\TestIISAccess disabled permission inheritance and gradually removed users and groups. Well, there are none left now, I can not even look inside the folder as admin. But my .aspx upload page reports it can still write files there. I have stopped & restarted IIS after all users were removed, makes no difference.
Can some please explain this behaviour and tell me how to cancel the write permission?
I've developed an ASP.NET v4 web app which I am trying to get to write to a folder in the webroot.
For the life of me I cannot get Windows 7 to allow it to write a file, I get Access is Denied error each time.
What I have tried on the folder is
attrib -r /foldernameandpath
attrib -r -s /foldernameandpath
Removing Check from ReadOnly attribute in folder properties
Changed owner to folder to current user whom is also the admin
Changed owner to Everyone
Adding Everyone user to folder with all permissions
Changing the folder to the Public Document directory
Changing to the root of the C drive (Out of desperation)
Nothing seems to work and all I want to do is test that the write works.
Now I know the system works and writes fine cause I had this same web app on a second machine writing the PDFs to the C drive without issue. This second machine I just cannot get it to allow the write.
Oh please for the love of all things holy, put the keyboard and mouse down and stop what you are doing. Some of the actions in your list seriously frightens me.
All the things you list as your actions are most likely useless or desperately random at best.
As a web developer, you shouldn't have to start messing around changing ownership of folders, especially not the web root folder normally used by the web server. When you do, you'll end up in a dark, cold and lonely place. Lord only knows what other desperate measures you have taken. For your own sake, I'll recommend you to do a system restore or even system reinstall to make sure you are in a healthy state.
Let's go back one step and try to sort out what you are doing.
First: what is the path you are trying to write to?
Second: are you running this application directly from within Visual Studio or in IIs?
If you are doing the first option then your current user account is the account who tries to write to the path in question. Do you have write permissions there?
One thing you can try is to start Visual Studio with elevated permissions and see if that works.
If you are running in IIs, it the associated pool account that needs write permissions.
Are you doing impersonation by any chance? If so, make sure the impersonated account have proper permissions.
You should only write to a predefined folder within your app path, like ..\App_Data for example.
The easiest way to find out which account you are running with and determine what path you are trying to write to, is to fire up SysIntenals process monitor and find the entry with the access denied result. Select properties for that entry and find out which account tried to do the write action. When you have determined that, right click on the folder in question and give the proper account write permissions.
I should be able to create a default directory inside project's root directory when the application_start method(inside global.asax)is called for my asp.net web application.
As IIS users dont have full rights to webroot directory(for directory create) i get access denied error message while trying to create the directory.Also IIS users wont be given full access to the root as per client.I am planning to implement like below to meet the expectations of client.Please let me know if there is any better way out for than this approach?
Approach 1:
a.Create a new user account(windows) in the server.
b.Keep the user account name in config file.
c.Read that account from the config file and create directory with that user account using Directory Security object.
Code:
DirectorySecurity dacl = new DirectorySecurity();
string useraccountForDirectoryCreate = System.Net.Dns.GetHostName() + "\\" + "testaccount";
dacl.AddAccessRule(new FileSystemAccessRule(useraccountForDirectoryCreate,
FileSystemRights.FullControl,
InheritanceFlags.
ContainerInherit |
InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow));
Directory.CreateDirectory(imageDirectory, dacl);
The above thing worked locally in IIS server(Haven't tested on client's IIS server)
My concern with this:I think it wont be a feasible to ask the client to create a user account to be
created in the server for just creating the single directory.Also in future he might require to give access to more user for directory create.It wont be feasible to
keep on creating the windows account.
Apporach 2:
a)Create a IIS user account having full access to web root for directory create.(is this a better way out,it is same as giving the IIS user full access to web root isn't it.?Please clarify.)
b)Keep the account info in web config file.
c)Read the account info from web config file and create the directory with permisson with the above piece of code.
Problem with this approach:Is i get the following error.
Some or all identity references could not be translated
when the following statement is invoked.
dacl.AddAccessRule(new FileSystemAccessRule(useraccountForDirectoryCreate,
FileSystemRights.FullControl,
InheritanceFlags.
ContainerInherit |
InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow));
It looks like i am not able to add the access rule for this newly created user.Why is it so?
I have googled enough for the above error message and tried to understand but i am not able to resolve the error.I am not able to understand the error message at all.Please help with the solution for this problem.Its high time to deliver.
This is kind of an advanced problem, hopefully one of you asp/VB gurus will have a suggestion. I am trying to dynamically set a folder's execute permissions in IIS6 from an asp page. I have given the server full permissions to make the changes necessary. When I run the code I get:
Microsoft VBScript runtime error '800a0046'
Permission denied: 'GetObject'
/learning.asp, line 11
I have a server setup with IIS6 running a couple asp websites. I use a code like this to create a folder called "files"
set fso = Server.CreateObject("Scripting.FileSystemObject")
set folder3 = fso.CreateFolder(Server.MapPath(username & "/files"))
set folder3 = nothing
set fso = nothing
Works fine and creates the files folder just where I want it. However, the new folder has execute permissions set to "scripts and exe's" and I need it to be "never" or false. There is a system object that you can call to make this change, and I even have a piece of code that I wrote after reading another tutorial.
It doesn't work and gives the above error. I think, maybe, I am just leaving something out, but this stuff is a little over my head. Here is what I used, but I don't know the syntax or what exactly to call.
Set root = GetObject("IIS://localhost/" & username)
Set newVDir = root.Create("IIsWebVirtualDir","files")
newVDir.Path = "e:\iis3\server2\ADSI"
newVDir.AccessScript = False
newVDir.SetInfo
I have searched around for 3 days trying to find a solution to this, but not very many people do this type of thing apparently, because there are no posts about it that I can find.
Anyway, I don't understand what the getobject is supposed to do, and what newVDir.path I am supposed to be using?
Thank you, in advance, for any helpful suggestions you may have.
This article (see http://technet.microsoft.com/en-us/library/bb742439.aspx) explains what the GetObject actually does.
I believe, what happens behind the scene is that a COM object of type "IIS Admin Service" is (needs to be) created to perform your operations. By default, the IIS application pool account is not allowed to create such object. So maybe its worth to check it. Open Control panel->Administrative services, run "Component services". Find "my computer" in the tree and there find "IIS admin service". Check "activation" and "launch" permissions, add some if necessary.
I have written some code that uses an Access DB, on my localhost the following - Select, Insert, and Delete queries work just fine and do what I programmed them to do. When I move the application to the staging server, the application throws errors when Inserting and deleting, however the select statements work just fine. I have made sure all permissions are read/write as far as I can tell, does anyone know what I am missing. See the error below.
~~~~~
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information about
the error and where it originated in the code.
Exception Details: System.Data.OleDb.OleDbException: Could not delete from
specified tables.
Source Error:
Line 714: OleDbDataReader objReader;
Line 715: objConn.Open();
Line 716: objReader = objCmd.ExecuteReader();
Hmmm ... that's odd. Do you have Modify (Change) file system permissions on the staging server's folder? Hitting the .mdb would create that temp Access file, so if you can select you should have Write on that folder. Check that you have Modify.
Is your MDB file readonly? I am talking about the file-system attribute of the MDB file.
Seems like whatever account is utilizing the .mdb file does not have the necessary rights to the file/folder.
I've found that using an .mdb file for a website just has too many problems. You want to switch to at least SQL Express. You website will appreciate it.
ASP.NET runs under the special ASPNET or Network Service account. Mostly IIS_USERS (located in the machine)
Right click on folder containing the file to be modified by ASP user
Folder->Properties->Security->Edit->Add IIS_IUSRS (of local machine) with upto modify permission.