Access to the path .... is denied

J

j_stus

Hi there,

There was older thead i created for that question a week ago, but then
I had some sort of vacations, and couldn't participate.
Basically I am getting Access to the path "Path name" is denied when I
execute the following code on my production server (W2003)

Dim myFolder As String = Server.MapPath("..\..\..\sDirectory\")
Dim FileName As String

For Each FileName In Directory.GetFiles(myFolder , "*.doc")
Response.Write(FileName)
Exit For
Next

This code will run just fine on my testing machine (Windows XP)

sDirectory is a virtual directory.
Anonymous is turned off.
DIgest authentication for Windows domain servers is selected.
Basic authentication is selected.
..Net Password authentication is not selected.
Permissions on the file:
Administrator (Domain\Administrator)
aspnet_wp account (computerName\ASPNET)
Authenticated Users
Everyone
I don't use identity impersonate in my web.config.


I found many discussions regarding that problem, unfortunatelly still
cannot resolve it by myself...
 
G

Guest

I know this sounds hokey, but have you looked at the populated myFolder
string variable to see what the translated path actually is, and whether it
is valid? You could do a Trace write of this and turn on page tracing
temporarily to see it.

Otherwise, the identity your app runs under (whether the ASPNET account IUSR
or however else it's configured) needs to have the required permissions on
this folder on the target machine.

Peter
 
J

Juan T. Llibre

re:
Dim myFolder As String = Server.MapPath("..\..\..\sDirectory\")
sDirectory is a virtual directory.
Click to expand...

Do you have AspEnableParentPaths set to true ?
To increase security, parent paths are disabled by default.

http://msdn.microsoft.com/library/d...html/30d46649-330a-46bc-8d4b-541ed541e3a5.asp




Juan T. Llibre, asp.net MVP
aspnetfaq.com : http://www.aspnetfaq.com/
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
 
J

j_stus

I actually print myFolder path, then copy and paste to explorer and can
access it...
AspEnableParentPaths was not set to true, I did that but it didn't fix
my problem.
My xp machine has this option disabled and still works...
 
J

j_stus

I did one more test.
I created another virtual directory, that points to some folder on my
server (local)
Then used same code to access it and it worked.
Then I checked permissions on both folders under security tab, and they
seem to be similar. The only difference is local one has
localMachineName/ASPNET and network has anotherMachineName/ASPNET.
 
J

Juan T. Llibre

Please save the following code as "identity.aspx", and run it in the same directory
as the file which is giving you the "access denied..." error message :

identity.aspx
-------------
<%@ Page Language="VB" %>
<%@ Import NameSpace = System.Security.Principal %>
<script runat="server">
Sub Page_Load()
Dim tmp As String = WindowsIdentity.GetCurrent.Name()
Label1.Text = tmp
End Sub
</script>
<html>
<head>
<title>WindowsIdentity.GetCurrent.Name()</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Label ID="Label1" Runat="server" Text="Label"></asp:Label>
</div>
</form>
</body>
</html>
----------

When you run the file, make note of the account returned as the asp.net identity.
Then, give read/write/change permissions to *that* account for the "myFolder" directory.

Let us know what happens when you do that.





Juan T. Llibre, asp.net MVP
aspnetfaq.com : http://www.aspnetfaq.com/
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
 
J

j_stus

WindowsIdentity.GetCurrent().Name will print NT AUTHORITY\NETWORK
SERVICE
User.Identity.Name will print myDomain/myUserName.

So I added read/write/change permissions to myDomain/myUserName -
didn't help.
Now, I don't have user called NT AUTHORITY\NETWORK SERVICE on my
domain, nor on the box that has the folder. Should I create one? On
domain?
 
M

MSDN

I beleive that NETWORK SERVICE account is created automatically if you are
on Win 2k3

SA
 
J

Juan T. Llibre

re:
Now, I don't have user called NT AUTHORITY\NETWORK SERVICE
on my domain, nor on the box that has the folder. Should I create one?
Click to expand...

NT AUTHORITY\NETWORK SERVICE is a local account, not a domain account.

Are you running your ASP.NET web server on a domain server ?





Juan T. Llibre, asp.net MVP
aspnetfaq.com : http://www.aspnetfaq.com/
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
 
J

j_stus

I guess I was not clear enough.
ASP.NET is running on Windows2003 server. It's not domain controller.
I created virtual directory on that machine that points to network
directory.
It points to another computer on the network (W2000 server).
Because W2000 doesn't have NT AUTHORITY\NETWORK SERVICE I am not sure
how to resolve it...
 
J

Juan T. Llibre

That's quite a bit clearer, thanks.

If both machines are in the same domain, you can use impersonation for ASP.NET.

Create a domain account and

1. have ASP.NET run as that account
2. give that account the permissions it needs to the W2000 server's folder

See http://msdn2.microsoft.com/en-us/library/kwzs111e.aspx
for a list of ASP.NET 2.0 directories and the permissions the new ASP.NET account will require.

Review this checklist :
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000009.asp
for instructions on how to run ASP.NET with a custom service account.




Juan T. Llibre, asp.net MVP
aspnetfaq.com : http://www.aspnetfaq.com/
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
 
J

j_stus

First of all it is quite challanging, at least for me....
It helped but didn't resolve my problem.
I created domain user, because I don't have ASP.NET 2.0, i followed
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetht01.asp
those instructions to create a Custom Account to Run ASP.NET 1.1.
Then I modified web.config to
<identity impersonate="true" userName="DOMAIN\userName"
password="strongPass"></identity>
then I gave w2000 folder permissions to that accout.
Works!!!!!!
But, there is small problem.
I cannot modify web.config in my production web site.
So I think I should follow those steps:
Add domain user to connect to w2003 server. (HOW?)
Then create tokenHandle while calling LogonUser function
Then execute this code
Dim newId As New WindowsIdentity(tokenHandle)
Dim impersonatedUser As WindowsImpersonationContext =
newId.Impersonate()
Once executed, asp should run as that impersonated account.
Then I should be able to connect to w2000 server, do what I have to do,
then
impersonatedUser.Undo()
Does it make sense? Also how do I add domain user to w2003?
Thanks,
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Access to the path .... is denied 3
Access to the path is denied. 1
Access To The Path ... Is Denied 7
Access to the folder is denied 1
Upload error - Access to the path xxx is denied 3
Win2003 Server - Access to the path is denied 1
Access to the path is denied 1
Paths in Subdomains 7

Top