Help - directory access for ASPNET user

G

Guest

Hi

I have an ASP.NET application that writes to a log file in a directory outside the webapp directory (e.g. c:\program files\myapp\logs). OS is Windows 2003

If I see the list of users in the "Security" tab for the 'logs' directory, I see that <localmachine>\Users already exists. Now, <localmachine>\ASPNET is a part of this 'Users' group. But this group does not have write access to the 'logs' directory. I think this is the default setting for all directories

If I give Full Control to the '<localmachine>\Users' group to the 'logs' directrory, my application is able to create the log file

But if instead, I explicitly add '<localmachine>\ASPNET' to the list (in addition to the inherited '<localmachine>\Users' group), and give Full Control to this ASPNET user, my application is not able to create the log file

Then I unchecked 'Inherit from parent' for that directory and removed '<localmachine>\Users' from the list. But even though '<localmachine>\ASPNET' has Full Control on that directory, my ASP.NET app cannot create the log file

Am I missing something here

Thank
Har
 
T

Teemu Keiski

You say Windows 2003. Have you tried giving permissions for NETWORK SERVICE
user? ASP.NET apps should run under it in Wk3 by default
http://www.microsoft.com/resources/documentation/IIS/6/all/techref/en-us/iisRG_ARC_21.mspx

--
Teemu Keiski
MCP, Microsoft MVP (ASP.NET), AspInsiders member
ASP.NET Forum Moderator, AspAlliance Columnist
http://blogs.aspadvice.com/joteke



Hi,

I have an ASP.NET application that writes to a log file in a directory
outside the webapp directory (e.g. c:\program files\myapp\logs). OS is
Windows 2003.

If I see the list of users in the "Security" tab for the 'logs' directory, I
see that <localmachine>\Users already exists. Now, <localmachine>\ASPNET is
a part of this 'Users' group. But this group does not have write access to
the 'logs' directory. I think this is the default setting for all
directories.

If I give Full Control to the '<localmachine>\Users' group to the 'logs'
directrory, my application is able to create the log file.

But if instead, I explicitly add '<localmachine>\ASPNET' to the list (in
addition to the inherited '<localmachine>\Users' group), and give Full
Control to this ASPNET user, my application is not able to create the log
file.

Then I unchecked 'Inherit from parent' for that directory and removed
'<localmachine>\Users' from the list. But even though
'<localmachine>\ASPNET' has Full Control on that directory, my ASP.NET app
cannot create the log file.

Am I missing something here?

Thanks
Hari
 
S

Steven Cheng[MSFT]

Hi Hari,

The NetWork Service is the default process account on W2K box with IIS6.
This is mentioned in some certain document in MSDN but not detailed
described. You may search the "authentication" or "authorization" key words
in MSDN libraray. In addition ,here is another tech article on IIS6 win2k3
server's ASP.NET model:

#IIS 6.0 and ASP.NET, Part 1
http://www.developer.com/net/asp/article.php/2243151

Hope also helps. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

ASP.Net Application - SQL Server 2000 Access Problem on Windows 2003 server from XP 3
Move to Server is not Working.. need help 1
Restoring ASPNET Machine Account in Windows XP 0
ASPNET User 6
How can ASPNET access the Northwind database 1
Set ASPNET Version for Virtual Directory from C# App 1
ASPNET account for windows 2000 server 10
StreamWriter problem 5

Top