Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Access To The Path ... Is Denied

Reply
Thread Tools

Access To The Path ... Is Denied

 
 
hufaunder@yahoo.com
Guest
Posts: n/a
 
      07-20-2006
I have a website that uses a web service that is located on the same
machine. This webservice calls a program which in return modifies a
file in c:\documents and Settings\All Users\Application Data\...'.
Unfortunately, whenever the webservice is executed I get the following
error message:

Access to the path 'C:\Documents and Settings\All Users\Application
Data\...' is denied.

Permissions for the default website (where the website and web service
reside) include [name]\Administrators and Internet Guest Account
([name]\IUSR_[name]) among others.

In directory security I have Enable anonymous access checked using User
Name = [name]\IUSR_[name] and the password I set up for that account.
Everything else (Integrated Windows authentication, etc) is unchecked.

For the file and the directory it resides in I have given full access
rights to IUSR_[name].

File Monitor (sysinternals.com) shows process = w3wp.exe,
Request=IRP_MJ_CREATE, Result = Access denied, Other = nt
authority\network service

OS is win2k3.

What am I missing here?

 
Reply With Quote
 
 
 
 
Kristofer Gafvert
Guest
Posts: n/a
 
      07-20-2006
Hello,

You have given full access rights to IUSR_[name] but the user account
denied access is nt authority\network service according to FileMon.

I believe this is your problem.


--
Regards,
Kristofer Gafvert
http://www.gafvert.info/iis/ - IIS Related Info


http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:

>I have a website that uses a web service that is located on the same
>machine. This webservice calls a program which in return modifies a
>file in c:\documents and Settings\All Users\Application Data\...'.
>Unfortunately, whenever the webservice is executed I get the following
>error message:
>
>Access to the path 'C:\Documents and Settings\All Users\Application
>Data\...' is denied.
>
>Permissions for the default website (where the website and web service
>reside) include [name]\Administrators and Internet Guest Account
>([name]\IUSR_[name]) among others.
>
>In directory security I have Enable anonymous access checked using User
>Name = [name]\IUSR_[name] and the password I set up for that account.
>Everything else (Integrated Windows authentication, etc) is unchecked.
>
>For the file and the directory it resides in I have given full access
>rights to IUSR_[name].
>
>File Monitor (sysinternals.com) shows process = w3wp.exe,
>Request=IRP_MJ_CREATE, Result = Access denied, Other = nt
>authority\network service
>
>OS is win2k3.
>
>What am I missing here?

 
Reply With Quote
 
 
 
 
CaffieneRush@gmail.com
Guest
Posts: n/a
 
      07-20-2006
Run aspnet_regiis -i to reinstall asp.net.
Among the other things that the tool does is to give the correct
permissions to the correct users on the correct files and directories.

You can avoid this problem in the future by installing IIS before
installing the .net framework. Otherwise, you'll need to run
aspnet_regiis -i

Andy

(E-Mail Removed) wrote:
> I have a website that uses a web service that is located on the same
> machine. This webservice calls a program which in return modifies a
> file in c:\documents and Settings\All Users\Application Data\...'.
> Unfortunately, whenever the webservice is executed I get the following
> error message:
>
> Access to the path 'C:\Documents and Settings\All Users\Application
> Data\...' is denied.
>
> Permissions for the default website (where the website and web service
> reside) include [name]\Administrators and Internet Guest Account
> ([name]\IUSR_[name]) among others.
>
> In directory security I have Enable anonymous access checked using User
> Name = [name]\IUSR_[name] and the password I set up for that account.
> Everything else (Integrated Windows authentication, etc) is unchecked.
>
> For the file and the directory it resides in I have given full access
> rights to IUSR_[name].
>
> File Monitor (sysinternals.com) shows process = w3wp.exe,
> Request=IRP_MJ_CREATE, Result = Access denied, Other = nt
> authority\network service
>
> OS is win2k3.
>
> What am I missing here?


 
Reply With Quote
 
hufaunder@yahoo.com
Guest
Posts: n/a
 
      07-20-2006
IIS has been installed before the .NET framework, I believe. In any
case, I did re-install it again but the problem is still the same. As
mentioned I have given full access rights to the file and containing
folder to the user defined in the directory security dialog. Therefore,
it seems to me that the web service and/or the program that the
webservice executes run under a different user account. Could that be?
If so how do I find out what user account?

Thanks

(E-Mail Removed) wrote:
> Run aspnet_regiis -i to reinstall asp.net.
> Among the other things that the tool does is to give the correct
> permissions to the correct users on the correct files and directories.
>
> You can avoid this problem in the future by installing IIS before
> installing the .net framework. Otherwise, you'll need to run
> aspnet_regiis -i
>
> Andy
>
> (E-Mail Removed) wrote:
> > I have a website that uses a web service that is located on the same
> > machine. This webservice calls a program which in return modifies a
> > file in c:\documents and Settings\All Users\Application Data\...'.
> > Unfortunately, whenever the webservice is executed I get the following
> > error message:
> >
> > Access to the path 'C:\Documents and Settings\All Users\Application
> > Data\...' is denied.
> >
> > Permissions for the default website (where the website and web service
> > reside) include [name]\Administrators and Internet Guest Account
> > ([name]\IUSR_[name]) among others.
> >
> > In directory security I have Enable anonymous access checked using User
> > Name = [name]\IUSR_[name] and the password I set up for that account.
> > Everything else (Integrated Windows authentication, etc) is unchecked.
> >
> > For the file and the directory it resides in I have given full access
> > rights to IUSR_[name].
> >
> > File Monitor (sysinternals.com) shows process = w3wp.exe,
> > Request=IRP_MJ_CREATE, Result = Access denied, Other = nt
> > authority\network service
> >
> > OS is win2k3.
> >
> > What am I missing here?


 
Reply With Quote
 
Juan T. Llibre
Guest
Posts: n/a
 
      07-20-2006
A solution more specific to this problem would be to run :

aspnet_regiis -GA <account name>

In this case :
aspnet_regiis -GA "nt authority\network service"

That command will assign *all* ASP..NET 2.0 permissions needed to the account.

If you have doubts about which account ASP.NET is running as,
save this script as "identity.aspx", run it, and run the aspnet_regiis -ga
command using whatever account name is returned by the script.

identity.aspx:
-------------
<%@ Page Language="VB" %>
<%@ Import NameSpace = System.Security.Principal %>
<script runat="server">
Sub Page_Load()
Dim tmp As String = WindowsIdentity.GetCurrent.Name()
Label1.Text = tmp
End Sub
</script>
<html>
<head>
<title>WindowsIdentity.GetCurrent.Name()</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Label ID="Label1" Runat="server" Text="Label"></asp:Label>
</div>
</form>
</body>
</html>
---------





Juan T. Llibre, asp.net MVP
aspnetfaq.com : http://www.aspnetfaq.com/
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en espaņol : http://asp.net.do/foros/
===================================
<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ps.com...
> Run aspnet_regiis -i to reinstall asp.net.
> Among the other things that the tool does is to give the correct
> permissions to the correct users on the correct files and directories.
>
> You can avoid this problem in the future by installing IIS before
> installing the .net framework. Otherwise, you'll need to run
> aspnet_regiis -i
>
> Andy
>
> (E-Mail Removed) wrote:
>> I have a website that uses a web service that is located on the same
>> machine. This webservice calls a program which in return modifies a
>> file in c:\documents and Settings\All Users\Application Data\...'.
>> Unfortunately, whenever the webservice is executed I get the following
>> error message:
>>
>> Access to the path 'C:\Documents and Settings\All Users\Application
>> Data\...' is denied.
>>
>> Permissions for the default website (where the website and web service
>> reside) include [name]\Administrators and Internet Guest Account
>> ([name]\IUSR_[name]) among others.
>>
>> In directory security I have Enable anonymous access checked using User
>> Name = [name]\IUSR_[name] and the password I set up for that account.
>> Everything else (Integrated Windows authentication, etc) is unchecked.
>>
>> For the file and the directory it resides in I have given full access
>> rights to IUSR_[name].
>>
>> File Monitor (sysinternals.com) shows process = w3wp.exe,
>> Request=IRP_MJ_CREATE, Result = Access denied, Other = nt
>> authority\network service
>>
>> OS is win2k3.
>>
>> What am I missing here?

>



 
Reply With Quote
 
Simon Hart
Guest
Posts: n/a
 
      07-20-2006
The recomended guidelines is you need to authenticate the Web Service
request and set the Web Service to NTLM (Integrated Security) turn off
anonymous and set <indentity impersonate="true"/> in web.config.

Doing the above, the call will execute under the user of the authenticated
user.

Look at the Credentials property of the Web Service proxy if you are not
sure how to authenticate web service calls.

Regards
Simon.

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
>I have a website that uses a web service that is located on the same
> machine. This webservice calls a program which in return modifies a
> file in c:\documents and Settings\All Users\Application Data\...'.
> Unfortunately, whenever the webservice is executed I get the following
> error message:
>
> Access to the path 'C:\Documents and Settings\All Users\Application
> Data\...' is denied.
>
> Permissions for the default website (where the website and web service
> reside) include [name]\Administrators and Internet Guest Account
> ([name]\IUSR_[name]) among others.
>
> In directory security I have Enable anonymous access checked using User
> Name = [name]\IUSR_[name] and the password I set up for that account.
> Everything else (Integrated Windows authentication, etc) is unchecked.
>
> For the file and the directory it resides in I have given full access
> rights to IUSR_[name].
>
> File Monitor (sysinternals.com) shows process = w3wp.exe,
> Request=IRP_MJ_CREATE, Result = Access denied, Other = nt
> authority\network service
>
> OS is win2k3.
>
> What am I missing here?
>



 
Reply With Quote
 
Simon Hart
Guest
Posts: n/a
 
      07-20-2006
IUSR_MACHINENAME will only be used if anon access is turned on and
impersonate is turned on otherwise ASPNET user account will be used (unless
of course NTLM is used in the context of my previous post).

General rule of thumb is to never change user permissions.

Regards
Simon.

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
>I have a website that uses a web service that is located on the same
> machine. This webservice calls a program which in return modifies a
> file in c:\documents and Settings\All Users\Application Data\...'.
> Unfortunately, whenever the webservice is executed I get the following
> error message:
>
> Access to the path 'C:\Documents and Settings\All Users\Application
> Data\...' is denied.
>
> Permissions for the default website (where the website and web service
> reside) include [name]\Administrators and Internet Guest Account
> ([name]\IUSR_[name]) among others.
>
> In directory security I have Enable anonymous access checked using User
> Name = [name]\IUSR_[name] and the password I set up for that account.
> Everything else (Integrated Windows authentication, etc) is unchecked.
>
> For the file and the directory it resides in I have given full access
> rights to IUSR_[name].
>
> File Monitor (sysinternals.com) shows process = w3wp.exe,
> Request=IRP_MJ_CREATE, Result = Access denied, Other = nt
> authority\network service
>
> OS is win2k3.
>
> What am I missing here?
>



 
Reply With Quote
 
hufaunder@yahoo.com
Guest
Posts: n/a
 
      07-21-2006
Thanks for the input. If I turn on integrated security the user will
have to log in before using the webservice. At least that is from my
limited experience. I do not want that the user has to login, though.
So how can I do this. Note that I have the following

1) in web.config <authentication mode="Windows"/>
2) in web.config <identity impersonate="true"/>
3) in IIS "Enable anonymous access" unchecked
4) in IIS "Integrated Windows authentication" enabled.

BTW, what is 1) and 4) the same and it just can be configured at
different places?

Thanks
Simon Hart wrote:
> The recomended guidelines is you need to authenticate the Web Service
> request and set the Web Service to NTLM (Integrated Security) turn off
> anonymous and set <indentity impersonate="true"/> in web.config.
>
> Doing the above, the call will execute under the user of the authenticated
> user.
>
> Look at the Credentials property of the Web Service proxy if you are not
> sure how to authenticate web service calls.
>
> Regards
> Simon.
>
> <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ups.com...
> >I have a website that uses a web service that is located on the same
> > machine. This webservice calls a program which in return modifies a
> > file in c:\documents and Settings\All Users\Application Data\...'.
> > Unfortunately, whenever the webservice is executed I get the following
> > error message:
> >
> > Access to the path 'C:\Documents and Settings\All Users\Application
> > Data\...' is denied.
> >
> > Permissions for the default website (where the website and web service
> > reside) include [name]\Administrators and Internet Guest Account
> > ([name]\IUSR_[name]) among others.
> >
> > In directory security I have Enable anonymous access checked using User
> > Name = [name]\IUSR_[name] and the password I set up for that account.
> > Everything else (Integrated Windows authentication, etc) is unchecked.
> >
> > For the file and the directory it resides in I have given full access
> > rights to IUSR_[name].
> >
> > File Monitor (sysinternals.com) shows process = w3wp.exe,
> > Request=IRP_MJ_CREATE, Result = Access denied, Other = nt
> > authority\network service
> >
> > OS is win2k3.
> >
> > What am I missing here?
> >


 
Reply With Quote
 
shijobaby shijobaby is offline
Junior Member
Join Date: Dec 2009
Posts: 7
 
      02-06-2010
If your web service anonymous authentication is


turned off you must enable that

Otherwise you have to pass username and password
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Very annoying error: Access to the path is denied. ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity Jay ASP .Net 2 08-20-2007 07:38 PM
403 Forbidden: You were denied access because: Access denied by access control list Southern Kiwi NZ Computing 6 03-19-2006 05:19 AM
"Access to the path <path> is denied" but it shouldn't be. Kent Tegels ASP .Net Security 0 08-26-2004 04:43 PM
Access to the path is denied Theerachet Pratoommanee ASP .Net 1 12-30-2003 09:03 AM
Access to the path ...\\dynamic_images is denied. What Happens??? cg ASP .Net 0 07-02-2003 07:29 AM



Advertisments