Greetings - I've got an ASP.NET application that is trying to delete a file on a network share. The ASP.NET application's worker process is running under a domain account (confirmed this by looking in TaskManager and by using ShowContexts2.aspx¹). I've been assured by the network admins that the process account is a member of a group that has Modify permissions to the directory that contains the file I'm trying to delete. However, it is unable to do so, and instead I get an exception (changed the file path to all x's):
System.Web.HttpUnhandledException: Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.UnauthorizedAccessException: Access to the path '\xxxxxxx\xxxxxxx\xxxxxxx\xxxxxx.xxx' is denied.
Any ideas on how to diagnose/fix this issue?
Thanks - Jordan
¹ http://www.leastprivilege.com/ShowContextsNET20Version.aspx
-
Ensure your ASP.NET worker process has access to the specified file path.
You can try giving "full control" access to "everyone" and then paring back access until it works with the permissions you want.
-
It sure sounds like you are not running under the proper context.
A suggestion to deal with this a different way (a way that is much more secure) is to run under the default account and map to the network drive using the WNetAddConnection2 Windows API. Using this API you do not change the context that ASP.NET runs under, you simply map a drive connection. You can specify either a domain account or a local account. You can have it actually map a drive letter or you can just authenticate to a drive share without mapping a letter.
I have used this API from ASP.NET more than once and it works beautifully. Because you do not give ASP.NET increased privileges this is much more secure.
More information on the WNetAddConnection2 API:
http://msdn.microsoft.com/en-us/library/aa385413(VS.85).aspx
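The approach described in the reply above, as an added C# sketch that is not part of the original posts: it authenticates to a UNC share with explicit credentials, maps no drive letter, and drops the connection on dispose. The class name `ShareConnection`, the share path and the account name are hypothetical placeholders.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;

// Hypothetical helper: authenticates to a UNC share without mapping a drive letter.
public sealed class ShareConnection : IDisposable
{
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    private class NETRESOURCE
    {
        public int dwScope;
        public int dwType = 1;          // RESOURCETYPE_DISK
        public int dwDisplayType;
        public int dwUsage;
        public string lpLocalName;      // null: no drive letter is mapped
        public string lpRemoteName;     // UNC path, e.g. \\server\share
        public string lpComment;
        public string lpProvider;
    }

    [DllImport("mpr.dll", CharSet = CharSet.Unicode)]
    private static extern int WNetAddConnection2(NETRESOURCE res, string password, string userName, int flags);

    [DllImport("mpr.dll", CharSet = CharSet.Unicode)]
    private static extern int WNetCancelConnection2(string name, int flags, bool force);

    private readonly string _share;

    public ShareConnection(string share, string userName, string password)
    {
        _share = share;
        NETRESOURCE res = new NETRESOURCE();
        res.lpRemoteName = share;
        // flags = 0: the connection is not remembered across logons
        int rc = WNetAddConnection2(res, password, userName, 0);
        if (rc != 0)   // e.g. 5 = access denied, 1219 = credential conflict, 1326 = logon failure
            throw new Win32Exception(rc, "WNetAddConnection2 failed for " + share);
    }

    public void Dispose()
    {
        WNetCancelConnection2(_share, 0, false);  // false: do not force-close open files
    }
}

// Usage (placeholder values; load the password from protected configuration, not source code):
// using (new ShareConnection(@"\\fileserver\uploads", @"DOMAIN\svc-files", password))
//     File.Delete(@"\\fileserver\uploads\old.tmp");
```

The connection belongs to the logon session of the worker-process account, so every request served by that process can reach the share while it is open. Error 1219 is returned when that session already holds a connection to the same server under different credentials.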