Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Need help fixing File Delete permission issues! (I'm loosing my hair!)

Reply
Thread Tools

Need help fixing File Delete permission issues! (I'm loosing my hair!)

 
 
darrel
Guest
Posts: n/a
 
      06-01-2006
I know I'm sounding like a broken record. I already asked this question last
week.

Alas, this question seems to be getting very few responses no matter how I
word it or where I post it. Apparently, this is a rather rare occurance (or
maybe people just don't like me...both pluasible theories... ;o)

So, anyways, I'll post it in here one last time as a hail marry...

I'm building an application that can manage some images that are uploaded.
You can upload them, save them, and delete them.

I'm having problems with the delete portion. My directory structure is such:

approot (folder)
images (folder)
deleteTest (aspx page)
admin (forms authenticated folder)
delete (aspx page)

both 'delete' and 'deleteTest' pages in my sample above use the exact same
syntax to delete a file within the images folder.

'deleteTest' does it just fine. 'delete' on the other hand, prompts me for a
username/password then tells me permission is denied on the /images folder.

On both pages, I'm writing out the user information. BOTH pages return the
exact same information:

Page.User.Identity.Name: testlogin
System.Security.Principal.WindowsIdentity.GetCurre nt().Name:
WIN17\abernath
System.Threading.Thread.CurrentPrincipal.Identity. Name: testlogin

'testlogin' is blank on the 'deleteTest' page if I haven't yet logged in.
Either way, though, that page can delete files just fine.

So, I'm stumped. It appears both threads are running as the same user, but
if I run the function from within my authenticated error, I'm denied access.

My web host claims all appropriate permissions are set.

Some theories I've gotten from others:

- I need to impersonate (though impersonate what? ASPNET?)
- I need to allow the server to grant permission to authetnicated users
(can I do that via my app, or would that be something the web
host always has to set up manually?)
- ???

I'm at the point where I'm just going to do a really hacky workaround:

I'll have a 'deleteConfirm' page OUTSIDE my authenticated folder. From
within my authenticated folder, when someone clicks DELETE, the image
information to delete will be saved in a DB table, then the page will
redirect to the 'deleteConfirm' page which will then look into that same
table and if it sees any data, will grab it, delete the images, then delete
the data. Seems OK, but, obviously, an insane workaround. ;o)

Is there anyone with IIS/asp.net/permission experience that could shed some
light on this problem for me?

Thanks!


 
Reply With Quote
 
 
 
 
darrel
Guest
Posts: n/a
 
      06-02-2006
Alternatively, anyone recommend any other places to ask a question like
this? I've had zero luck getting a response to this one particular question
in here so I assume this might be a niche issue best served by some security
or IIS forum/newsgroup?

-Darrel


 
Reply With Quote
 
 
 
 
Juan T. Llibre
Guest
Posts: n/a
 
      06-02-2006
You might want to try posting in the Security Forum at www.asp.net :

http://forums.asp.net/25/ShowForum.aspx




Juan T. Llibre, asp.net MVP
aspnetfaq.com : http://www.aspnetfaq.com/
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en espaņol : http://asp.net.do/foros/
===================================
"darrel" <(E-Mail Removed)> wrote in message news:%(E-Mail Removed)...
> Alternatively, anyone recommend any other places to ask a question like this? I've had zero luck
> getting a response to this one particular question in here so I assume this might be a niche issue
> best served by some security or IIS forum/newsgroup?
>
> -Darrel
>



 
Reply With Quote
 
Darrel
Guest
Posts: n/a
 
      06-02-2006
> You might want to try posting in the Security Forum at www.asp.net :
>
> http://forums.asp.net/25/ShowForum.aspx


Thanks. Alas, I've tried that as well with no real responses either. The two
theories that came from there are:

- the authetnicated user doesn't have IIS permissions
- I need to impersonate

If the first is true, that's a big problem, as I don't want people to have
to deal with their web host every time they add a new user to the system
that needs IIS permissions as well.

If the second is true, no one has been able to explain how I'd do that.
Sounds like I'd need to impersonate the default ASPNET user, which seems
backwords from what impersonation actually is (to NOT run as the default
ASPNET user.)

-Darrel


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Need help fixing this error please:NameError: global name is not defined shaun Python 10 09-06-2012 09:16 PM
Fixed: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). Skybuck Flying Windows 64bit 1 06-29-2009 06:17 PM
Treeview, loosing selected node after navigate, need help from Falcula ASP .Net 1 12-04-2007 04:27 PM
Need some help fixing some HTML and CSS problems Domino HTML 5 11-05-2006 09:58 PM
Need help fixing a JavaScript Brenton Javascript 1 08-24-2006 01:27 PM



Advertisments