I have a website sitting in a virtual directory in IIS 6.0. Within this virtual diretory there is also a P12 certification that I need to use for accessing an external web service. When I attempt to access this file through the site, I get a "file not found" error.
I have verified that the file is there and have mirrored my local dev enviromnent to match production and all works fine there.
I'm pretty confident that this is a permissions issue.
Can anyone point me in the right direction?
Thanks!
By default, IIS 6 will only serve specific types of files (based on extension) to requesting clients. If you're P12 certification (I'm not sure what that is) file is not one of those, a 404 is exactly what you should receive.
In your IIS admin console, you can modify the list of file types which are processed and/or served.
It sounds like it's possible you're attempting to access this file programmatically, in which case you'll need to provide a bit more information - show us the code that is attempting to access the file, and maybe the exception as well
EDIT:
Based on your comments about the location of the file, you could try doing something along the lines of this:
File.Exists(Server.MapPath("/") + "DLWSCert.p12")
I found that the message of the exception is misleading. The message says was File Not Found but the message was contained within a System.CryptogrphyException. Ultimately, the problem was permissions on the app pool account. Once those were set properly, it worked fine.
Related
I'm trying to get my MVC app to write a simple text file to another server using System.IO.File.WriteAllText. (A separate process is looking in that folder for text files to grab.) It works fine when debugging on my local machine, but when deployed to IIS on a test server, I always get this error when trying to write the file:
Access to the path '\\server\C$\folder\subfolder\file.txt' is denied.
The answer to at least half a dozen similar questions here on SO was to give the application pool identity account access to that folder. However, the app pool on IIS was already running under a service account that had full permissions to the desired folder but was still getting the error. I even tried changing the app pool to my own account (the one used successfully in debugging) and still get the error.
Anonymous access is turned off, and Windows Authentication is turned on (part of the file.txt is info from the user's AD account). I have tried accessing the app with several AD accounts, both with and without access to \\server\C$\folder\subfolder\ but they all give the same error.
I don't see how the app can be running under an authorized account, and the user can be logged in to the app with an authorized account, but still get the access denied error. Is there any way to get more info about specifically what access is denied or which account is actually being denied? Anything else I'm missing here??
You need to check whether other processes already have the file open, e.g, "A separate process is looking in that folder for text files to grab" - perhaps this separate process already has the file open and is therefore locking out your IIS process? Use Process Monitor (https://learn.microsoft.com/en-us/sysinternals/downloads/procmon) to monitor activity on the file.
Also you give the file location as '\server\C$\folder\subfolder\file.txt'. UNC paths normally begin with a '\\', e.g., '\\server\C$\folder\subfolder\file.txt'. That may just be an artefact of StackOverflow escaping the double slash to a single slash.
As a simple test, can you use notepad with your own account to open the file in the error message and write to the file? What if you use the application pool identity account?
Edit: You run Process Monitor on the server that has the file location. Add a Path filter like this:
Path excludes file.txt then Exclude
Where file.txt is the file name (without the directory) of the file you are monitoring. This filter will only capture events for that file and will exclude everything else. Once an event occurs, right click it, and go to Properties, Process to see the User initiating the event.
First of all, you can try to give write rights to IUSR user on your folder in which you want to write your text file.
There is a way to imitate an user in your asp.net application by using Impersonate tag in your web.config file but I think this can be dangerous.
<identity impersonate="true" userName="nomducompte" password="motdepasse" />
I hope this helps.
I'm running a web application developed on ASP.NET; C# and SQL Server 2008; on Local Host on a Network.
It is showing an error 500.19 for some Permissions...
Can anyone help me out to solve this and run my website on localhost without hosting it online.....Have a look, What's the error is...
It might be the issue of permissions for the directory/files for your application.
Make sure you have given the full permission to the users types that will be accessing the application.
For adding/editing permissions, you can navigate to the concerned folder and right click on it, selec properties and then go to security tab wherein you can edit the permissions of existing users as well as add new users with specific permissions.
Also, if you have your application hosted on IIS, there is also an option for changing permissions which will again, open the folder for you and you will have to follow the same steps as mentioned above.
Hope this helps.
Such issue occurs when, some wrong or duplicate element added in web.config file.
Verify your web.config file.
Also confirm execute version of virtual directory (32 Bit / 64 Bit)
I have searched the internet and cannot seem to find the answer to my question. I have also searched thoroughly through stackoverflow, which might help me to pose a better question.
I have made an application with webservices in C#, which is running in Silverlight.
My problem is that the application has to create a directory with a relative path. Locally it works, but when I upload it to Microsoft Server it does not create a directory.
It says the following:
File operation not permitted. Acces to path: 'c:/inetpub/wwwroot/...' is denied.
I use this line of code for the creation:
Directory.CreateDirectory(System.Web.HttpContext.Current.Server.MapPath("TEMP/");
On the map where the application is running, I have granted all rights to public and IIS user. But it still gives the same error. Besides this, I have also wrote a small piece of independent code in .Net to create a directory. This was to test the access and that works.
So I don't really know where to look.
#Update - 22/05/2014 - 14:29
I have literally deleted all code and just kept a create directory function with one button and one event handler:
Directory.CreateDirectory("path");
I have noticed that relative path's do not work in Silverlight here. (He seems to think the path the browser(i.e. Chrome) as being the parent and not the application's path).
Some other findings are, that if I put in the absolute path. Locally it works, but when i upload it to the server it again says acces denied...
Any tips are very welcome!
I have found the solution to the problem!
The following was going wrong:
My silverlight application consists of two parts. A Web-service and a Client;
The Web-service executes as being the user: IUSR, which had the full rights on the server.
The Client executes as being the user: DefaultAppPool.
The problem with this, is that the DefaultAppPool user can not be given rights as easily. If you try to give rights the default way, in the map settings, the DefaultAppPool user cannot be found.
The correct way to give full rights to DefaultAppPool, is to go to the command console and type:
icacls c:\"Path to the map" /grant “IIS APPPOOL\DefaultAppPool”:(F)
For more detailed information about this, check the following link:
http://eufuckingreka.wordpress.com/2013/02/12/granting-defaultapppool-permissions-to-a-direction-on-windows-server-2008/
I am trying to create a quick fix for a problem I am having. All I need to do is download a file from my website to a local computer.
I have a website using ASP.NET and C# and I have added the code below to a button click to download a file:
WebClient webClient = new WebClient();
webClient.DownloadFile("http://www.mysite.com/myfile.ext", #"C:\test\myfile.ext");
which produces the error in the title:
Could not find a part of the path 'C:\test\myfile.ext'.
The directory does exist on my computer.
From what I have read this appears to be a permissions issue on the local computer. I have added full permissions on that directory for the NETWORK SERVICE user as I am running Windows 7. I also have a user that is running XP so I believe the user there would be ASPNET.
Needless to say none of this has worked and allowed me to download the file. I'm a little out of my element here so I'm not sure what to do. It could be that I'm on the right track and just missed something obvious, or maybe I'm way off base.
Anyone have some guidance for me?
EDIT
The more I think about this, I can't help but think there's a better way to do this.
I've downloaded from websites before without ever needing to deal with permissions, so what would be a better simple approach? What am I missing here?
ANSWER
Thanks, I found exactly what I needed from Hari's responses below.
The user running the application pool used by your website needs to be given permissions to read that file. So, goto IIS > app pools > find the one for your website > the one that's under identity.
Check the application pool identity type to make sure you are granting permission to the correct user, see this website for more details.
This isn't a very complicated scenario really, but as I start to type out the problem I'm realizing how convoluted it can become textually. Let me try and be very clear:
First, the set up...
I have a C#/ASP.NET web application that is publicly facing on my main domain (www), let's call it www.mysite.com. Nothing fancy, just a front-end that connects to SQL to display records.
Then, I have a second C#/ASP.NET web application that is secured using forms authentication running on a subdomain, let's call it admin.mysite.com. This is a very light-weight CMS system to administer the public site.
Now, the problem...
Both of these sites run fine for basic tasks, however, my problem arises when I try to gain access to the file system for uploading. My webhost requires subdomains to run as a virtual directories under the main application in IIS (so the subdomains actually resolve/re-direct to www.mysite.com/admin when you type in admin.mysite.com), but because of this I am unable to write to my website root from the subfolder.
Let me explain a little more...
The CMS system (running as a virtual directory) gives the admin the ability to upload photos for display on the main site, the target folder of which is www.mysite.com/images - when attempting disk access from the root app, I am able to write to the virtual directory, but cannot do the opposite -- that is, write to the root from the virtual directory, getting security violations. If I can only upload to the /admin/ virtual directory, the entire point is moot because it's a secured folder that the public can't see!
The only solution I can think of is to upload the files to the /admin/ virtual directory, then call a URL in the root that moves files from /admin/ back to the root, but that is entirely ghetto.
I hope this post makes sense. Anyone else experience anything like this? The bottom line is that it seems virtual directories ONLY have access to themselves, and not their parent directories, no matter what credentials are used.
Thanks!
Somewhat unrelated to your question.
GoDaddy is not a great host due to things like you have stated. I recently went on the search for a host and wholeheartedly recommend JodoHost.com.
Some post I wrote on the matter:
http://www.ocdprogrammer.com/post/2009/12/16/The-search-for-a-web-host.aspx
http://www.ocdprogrammer.com/post/2010/01/03/JODOHostcom.aspx
However, the behavior you are seeing seems very normal to me. A sub domain not being able to access the root domain. Though with a dedicated server you could overcome this, but one of the drawbacks of a shared host.
In that case, I think I would consider using a database.
Here's how I would do it:
The files are uploaded into the /admin directory
The admin app writes the URL of the file into the database that it shares with the root app
The root app loads the URL from the database and uses it to point to the file.
I think that is the best way to approach it, under such circumstances.
You could put a webservice in your root domain "www.yoursite.com" that will receive a stream and will save this stream to disk as file. (this webservice could receive three parameters: the stream, the name of the desireed file on disk, and eventually the destination folder for the file so it will be a multi-purpose write file system)
Later, in your subdomain "subdomain.yoursite.com" you could consume the webservice (when you
upload a file, convert to stream, and send it to the webservice hosted in the root site with
appropiate parameters).