Help - directory access for ASPNET user

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi

I have an ASP.NET application that writes to a log file in a directory outside the webapp directory (e.g. c:\program files\myapp\logs). OS is Windows 2003

If I see the list of users in the "Security" tab for the 'logs' directory, I see that <localmachine>\Users already exists. Now, <localmachine>\ASPNET is a part of this 'Users' group. But this group does not have write access to the 'logs' directory. I think this is the default setting for all directories

If I give Full Control to the '<localmachine>\Users' group to the 'logs' directrory, my application is able to create the log file

But if instead, I explicitly add '<localmachine>\ASPNET' to the list (in addition to the inherited '<localmachine>\Users' group), and give Full Control to this ASPNET user, my application is not able to create the log file

Then I unchecked 'Inherit from parent' for that directory and removed '<localmachine>\Users' from the list. But even though '<localmachine>\ASPNET' has Full Control on that directory, my ASP.NET app cannot create the log file

Am I missing something here

Thank
Har
 
You say Windows 2003. Have you tried giving permissions for NETWORK SERVICE
user? ASP.NET apps should run under it in Wk3 by default
http://www.microsoft.com/resources/documentation/IIS/6/all/techref/en-us/iisRG_ARC_21.mspx

--
Teemu Keiski
MCP, Microsoft MVP (ASP.NET), AspInsiders member
ASP.NET Forum Moderator, AspAlliance Columnist
http://blogs.aspadvice.com/joteke



Hi,

I have an ASP.NET application that writes to a log file in a directory
outside the webapp directory (e.g. c:\program files\myapp\logs). OS is
Windows 2003.

If I see the list of users in the "Security" tab for the 'logs' directory, I
see that <localmachine>\Users already exists. Now, <localmachine>\ASPNET is
a part of this 'Users' group. But this group does not have write access to
the 'logs' directory. I think this is the default setting for all
directories.

If I give Full Control to the '<localmachine>\Users' group to the 'logs'
directrory, my application is able to create the log file.

But if instead, I explicitly add '<localmachine>\ASPNET' to the list (in
addition to the inherited '<localmachine>\Users' group), and give Full
Control to this ASPNET user, my application is not able to create the log
file.

Then I unchecked 'Inherit from parent' for that directory and removed
'<localmachine>\Users' from the list. But even though
'<localmachine>\ASPNET' has Full Control on that directory, my ASP.NET app
cannot create the log file.

Am I missing something here?

Thanks
Hari
 
Hi Hari,

The NetWork Service is the default process account on W2K box with IIS6.
This is mentioned in some certain document in MSDN but not detailed
described. You may search the "authentication" or "authorization" key words
in MSDN libraray. In addition ,here is another tech article on IIS6 win2k3
server's ASP.NET model:

#IIS 6.0 and ASP.NET, Part 1
http://www.developer.com/net/asp/article.php/2243151

Hope also helps. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx
 
Back
Top