How to allow writing to a file on the server ASP.net - c#

So I have file that is in folder in website folder structure.
I use it to log errors.
It works when ran from Visual Studio.
I understand the problem. I need to set permissions on inetpub.
But for what user ? and how?
I tried adding some IIS user but it still can not write to the file.
So I am using ASP.net
Framework 3.5 SP1
Server is Windows Server 2003 enterprise edition SP2
How should I set up permissions so write would work?
Thanks

You need to give the Network Service account modify rights.
Right click on the folder, choose properties, go to the Security tab and add the Network Service account if it's not there. If it is listed, ensure it had "Modify" checked.

which users have you granted write access on the folder? I believe you may need to give write access to the user that runs ASP NET user.

ONe solution is to give the ASP.NET user writes on the folder you will be accessing via the site.
Else you can impersonate an admin to run the website. This can be done via inetmgr.

Related

Getting error while running ASP.NET Website on Local Host Server

I'm running a web application developed on ASP.NET; C# and SQL Server 2008; on Local Host on a Network.
It is showing an error 500.19 for some Permissions...
Can anyone help me out to solve this and run my website on localhost without hosting it online.....Have a look, What's the error is...
It might be the issue of permissions for the directory/files for your application.
Make sure you have given the full permission to the users types that will be accessing the application.
For adding/editing permissions, you can navigate to the concerned folder and right click on it, selec properties and then go to security tab wherein you can edit the permissions of existing users as well as add new users with specific permissions.
Also, if you have your application hosted on IIS, there is also an option for changing permissions which will again, open the folder for you and you will have to follow the same steps as mentioned above.
Hope this helps.
Such issue occurs when, some wrong or duplicate element added in web.config file.
Verify your web.config file.
Also confirm execute version of virtual directory (32 Bit / 64 Bit)

"CS0016: Could not write to output file" error when starting an app in IIS 7

I am running Windows 7, and am not usually a developer in this setting, and have recently built a WCF Rest Service in C#, that I'm now trying to deploy to IIS just on my local machine. After much wrangling, I setup up the application, but when I navigate to the application, I get an error message:
Compilation Error
Description: An error occurred during the compilation of a resource required to service this request. Please review the following specific error details and modify your source code appropriately.
Compiler Error Message: CS0016: Could not write to output file 'c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\scom_sibyll\8c0b945e\9329016\App_global.asax.eagmqgcd.dll' -- 'Access is denied. '
I have hunted the web to the best of my ability, and have changed the permissions on the Temporary ASP.NET Files fodler to allow the Network Service account full rights, and done the same with the Temp folder. It copies a number of files before failing, so it has write permissions presumably, so I checked the permissions to read from my source folder, and that is working as well. I additionally noted it's crapping out when it tries to to cache the DLL file, and tried turning off my Antivirus protection, as well as turning off UAC, just to see if I could figure out what is blocking this from occurring. I'm fresh out of ideas now. Anybody have any suggestions?
For those looking here as I did, if the accepted answer doesn't resolve the issue you might try following this article: http://lordzoltan.blogspot.com/2011/02/aspnet-2-and-4-default-application-pool.html
In summary, it seems that the same error is sometimes displayed when the app pool user doesn't have access to the %TMP%/%TEMP% folder.
You'll need to grant IIS_IUSRS read and modify access over the temp folder of the user the app pool is running as.
This could either be the temp folder in the app pool user's profile, e.g. c:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp, or the system temp folder at c:\windows\temp.
Setting this up this resolved the issue for me.
Sounds like the account that the WCF service is running under does not have access to write to the "Temporary ASP.NET Files" directory.
You could also try re-running regiis.
%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis -i
ASP.NET IIS Registration Tool (Aspnet_regiis.exe)
On Windows 8/Server 2012 there is no support for aspnet_regiis any more.
I tried reinstall using windows features: fail.
I tried reinstalling IIS: fail.
I tried reinstall through WebPI: fail.
I solved the issue by setting the ACL's on the Windows Temp Directory.
Here is a powershell that does the job:
$dir = "C:\Windows\Temp"
$acl = get-acl -path $dir
$new = "IIS_IUSRS","Modify","ContainerInherit,ObjectInherit","None","Allow"
$accessRule = new-object System.Security.AccessControl.FileSystemAccessRule $new
$acl.SetAccessRule($accessRule)
$acl | Set-Acl $dir
There're 3 step to do:
1 - check if "Application Pool Identity" is NetworkService
2 - NETWORK_SERVICE account needs full control on:
. C:\Windows\Temp
. C:\Windows\Microsoft.NET\Framework[related framework]\Temporary ASP.NET Files\
3 - restart the IIS
Error Solved
You could also try re-running regiis.
"%windir%\Microsoft.NET\Framework[related framework]\aspnet_regiis -i"
This KB resolved it for me, it appears that the temp file path was nonexistent in the OS environmental variables.
http://support.microsoft.com/kb/825791
I granted read and write access to C:\Windows\Temp for the IIS_WPG group. This worked for me. I'm on Server 2003 R2 and IIS 6 and the group name is different. I fount it from http://learn.iis.net/page.aspx/140/understanding-built-in-user-and-group-accounts-in-iis/ where it says:
•The IUSR built-in account replaces the IUSR_MachineName account.
•The IIS_IUSRS built-in group replaces the IIS_WPG group.
Thanks to Dommer for suggesting the windows temp folder and to zcrar70 for the nice summery and a link with detailed description.
For me the solution was a combination of the fixes described here. I had to give to the NETWORK_SERVICE account full control on
C:\Windows\Temp
and
C:\Windows\Microsoft.NET\Framework[related framework]\Temporary ASP.NET Files\
and also change the Application Pool Identity to NetworkService.
Also do not forget to restart the IIS after you give full control to NETWORK_SERVICE on the Temp folders
I was getting the same error while developing a web api using asp.net core 2.0 and it got resolved after restarting the machine.
Some times the Temp files might be locked by other process in the workstation. As a first step please reboot the workstation and check the application.
On Windows 8 absolutely nothing worked for me. One day app pools suddenly decided they no longer want to work under the NetworkService account.
I solved the problem by changing the app pool to work under my own user account. Not a great solution I know, but it worked.
This error happens when I use a bat file to delete temporary files. It probably deletes the directory itself and the given permissions are gone. So you have to restore them somehow.
The easiest way is to grant full control over following directories for Everyone:
C:\Windows\Temp
C:\Windows\Microsoft.NET\Framework[related framework]\Temporary ASP.NET Files\
I have permissions but I'm starting to get that error.
"restart machine" works for me
I started getting this error too recently in a corporate environment after the company implemented various security measures that took away admin rights from the users.
For developers, the company authorized the creation of accounts that could be used and we had to add these to the PC's admin group and then change the application pool's identity to use the account.
EXAMPLE (Windows 10)
Account created for developers: domain\developer
Someone with admin rights to the PC will have to do the following:
Go to Control Panel\User Accounts\Manage User Accounts
Click on the Advanced tab, and click on the Advanced user management button
In the lusrmgr page, click on the Groups folder in the left column to bring up groups in the center panel
Then secondary-click on the Administrators group and select "Add to Group..."
In the Administrators Properties panel, click the "Add..." button
A "Select Users, Computers, Service Accounts, or Groups" dialog opens. Add the account (domain\developer in this example)
Then click on the OK button (this button will be disabled if you don't have admin rights)
Now configure the App Pool:
Open IIS Manager, select Application Pools
Click on the application pool you want so it's highlighted, then click "Advanced Settings..." from the Actions panel on the right
Under the Process Model section, click on the Identity setting and the ellipses button
In the Application Pool Identity dialog, select "Custom account" and then click the Set button
Enter the account and the password
At this point I was able to close everything, restart IIS and then run my app. It could then access the temp folders it couldn't before.
In my case, when I change Load User Profile to True (App Pool -> Advance setting -> Load User Profile -> set to true) it works.

Adding C# web app to a web site with IIS6

I finished my very first C# project in VS 2008 and it is working well now. But now I need to publish this project onto my new website. This project is a web application that interacts with my SQL Server 2008 Adventureworks database on this same computer(XP Professional OS). I am running IIS 6.0 Manager, but I am a newbie to both IIS 6.0 and VS 2008.
I began by right-clicking the application in VS and selecting "Publish", but I've just selected File System, cause choosing Local IIS forces me to enter Username and password.
The problem is that I can't open this website from IIS without it prompting me for username and password. I have modified machine.config file several times in the processModel section, by setting username="D610-M\ASPNET", password="AutoGenerate". But this makes me enter built-in password when I try to view it. And I don't know what built-in ASPNET password is. When I cancel this password popup, it returns:
HTTP 401.1 "You are not authorized to
view this page."
And I've reset the ASPNET password several times. First I tried setting it to a password I knew, then I ran the aspnet_regiis command to reinitialize it. I also tried substituting other usernames and passwords, but none of them have worked. I even tried entering "SYSTEM" for username and AutoGenerate password, but even this prompts me to enter password. I have added the ASPNET user Read/Write/List permissions to all relevant folders. And I tried to create a new website pointing to http://localhost/[AppName], but this forces me to enter password. So no getting around that password.
I have modified Properties for Default Website in IIS: Home Directory pointing to my application in VS 2008 folder and Application Protection = Low. On Directory Security tab, I set username to D610-M\IUSR_D610-M and I checked "Enable anonymous access." I unchecked the Allow IIS to control password.
And I have read alot of MS URL's and other websites to see if I could answer these problems myself, but none of their helps worked either. This should be simple. I'm just trying to add my web application to my website. I know that my website works cause I installed a default website with basic HTML and it works.
What else can I try in order to add this web app to my website?
One important limitation to remember is that you are only allowed one website on IIS6 on XP.
If you have edited your machine.config you have introduced too many new variables into the equation to properly troubleshoot the problem (not that editing machine.config in itself is harmful, but it's an indication that there's a bit of shotgun approach to the problem).
You need to start out by wiping your slate clean and making sure that you have an otherwise working system. Browsing an HTML page does not prove much as running HTML and running ASP.NET are like apples and bicycles.
The best that I know of for doing this is uninstalling and reinstalling IIS and whatever .NET framework you are on. If you are on 3.5 you should do this for both two and three point five. If you can you need to put machine.config and every version of web.config (except the one in your web app itself) back to their defaults. There is nothing there you should need to edit run an ordinary ASP.NET app.
Once you think you have a tabla rasa and can browse an html page, then change its extension to .aspx and see if you can still browse it.
My last suggestion for today is:
As a poster above said set your ACLs on the folder where your website is (typically c:\inetpub\wwwroot) so that the group "Everyone" has "Full Access". Don't leave it this way, even on your own machine, but it takes file permissions out of the equation. If you are still having problems let me know, but basically you need to start from a "known good" state if you ever hope to get this problem resolved.
I am not sure if this is it, but.... I have seen this error myself and it is usually caused by not having the ASP.NET version set to 2.0 in your Website properties under the ASP.NET tab. This setting is often defaulted to ASP.NET 1.1 which would cause this error to occur. Note, that even though you are using Visual Studio 2008 the ASP.NET Version is still needs to be 2.0 in IIS. I would double check this setting.
Usually, I recommend the initial build to be to a location in C:\ (example being C:\MyFirstApplication). You also need to make sure the "Network Service" has permissions to that folder. Placing the application in the projects (or whatever) folder in your personal documents list is asking for permissions and access issues. Try that and see if it works!
You need to set root level folder permissions on your web site. Navigate to the folder that holds your web site, right click, permissions, security tab. Make sure that you have asp.net, anonymous user, Internet Guest Account (computer\iuser_{something}) and network service in the allowed roles.
As an aside I suggest that you pre-compile your site before posting it to your web server. This is a security precaution and a performance booster. Getting into this habit will be a good thing for you in the long run. It keeps people from tweaking the code on the server. There is a good utility here to make this easier: http://www.west-wind.com/tools/aspnetcompiler.asp
I believe this is pretty much the same as the question posed by him earlier here

I get this error when I try to access file from iis of another system

You do not have permission to view this directory or page using the credentials you supplied.
It looks like you are trying to access files over network by IIS, however to do that, in network share you will need to add IUSER_ , IWAM_ or ASPNET user permissions as well.
I had the same problem, but neither giving access to Network Service, nor to IUSR helped me. I was trying to deploy an ASP.Net 4.0 web application with Forms Authentication on IIS7 on Windows Server 2008. What solved the problem was providing read and script permissions to the handlers, which can be accomplished by opening Handler Mappings and then selecting "Edit Feature Permissions" from the right menu.
Probably because you don't have permission... If this is unexpected, provide some more information and we can help.

write a file from webservices

I have a web service using .net c# and I want to write to a text file on the server, but I cannot get this to work. I believe it's a permission problem.
Specifically, I think the problem is I am using System.IO.Directory.GetCurrentDirectory().
Is there a better alternative?
Try granting the ASP.NET user (or whatever account IIS is running as) permission to write to the folder you are trying to write to.
If this is a network share, try to run IIS as a domain user that can write to the share.
Remember the principle of granting minimal permission (dont use Admin level access).
If you don't specify a destination folder I assume your web service wants to write to "C:\Windows\System32\" or something of that kind. That's why a UnauthorizedAccessException will be thrown on the server. In order to write to the "home"-directory of the web service you have to find out where that is first.
The following works for me but you also find other suggestions here.
Add the reference System.Web, and get the current directory by calling:
strFileDestination = System.Web.Hosting.HostingEnvironment.ApplicationPhysicalPath + strFileName;
Remember to give your service write permission in IIS.
If you're running on Windows 2003 and haven't turned on ASP.NET impersonation, and are running the app in the DefaultAppPool or an application pool that is configured to run under the identity of "Network Service", then you'll need to give the "Network Service" account write permission to the destination folder. If you're running the site in an app pool that is using an identity other than "Network Service" then that account may require write permissions to the destination folder.
If you're running windows 2000 then the '<MACHINENAME>\ASPNET' account will need write permissions to the destination folder.
If you've got impersonation turned on then you'll need to give the site's anonymous user account write permissions to the destination folder instead.
To check if impersonation is turned on, open (assuming ASP.NET 2.0) then check your machine.config file (C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG) to see if you have the following setting:
<identity impersonate="true"/>
This may also be overridden in your application's web.config.
Additionally if you're running in a partial trust environment then you'll likely only be able to write to the website's application folder because the default FileIOPermission is usually set to $AppDir$, i.e. you can't modify files anywhere else, even with the correct NTFS permissions.
If you're writing to a network share then StingyJack has the answer for you, but the partial trust environment considerations still apply.
But check your NTFS perms first, that's probably the best bet.
Hope this helps
Kev
Stuart, instead of using System.IO.Directory.GetCurrentDirectory(), you may want to use Server.MapPath. You can give Server.MapPath the directory relative to the location of your web service where you want to save the file, otherwise you probably need to pass a full file path "C:\Files\file.txt". As far as the permissions issue, I am usually able to resolve this by adding write access to the folder I'm writing the file to for IIS_WPG and ASPNET users (These usernames may be different on your server).
You should be able to write files from web services. This is most likely a permissions or trust issue. If you are in a limited trust (i.e., Medium trust) ensure that you are writing to a patch in or below your web root. If you are already doing that, or are in a full trust environment check to make sure that the directory has permissions for the IIS worker process to write to it.

Categories