ErrorAccessingDB/ASP.NET/IISPermissions
ErrorAccessingDB/ASP.NET/IISPermissions
am 29.09.2007 23:55:54 von GH
I get the following error when trying to run a web app.
Access to the path 'C:\TCAPrjPhotoOnline\APP_DATA\TCAPRJPHOTODATA.jds'
is denied.
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.
Exception Details: System.UnauthorizedAccessException: Access to the
path 'C:\TCAPrjPhotoOnline\APP_DATA\TCAPRJPHOTODATA.jds' is denied.
ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request identity.
ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5
or Network Service on IIS 6) that is used if the application is not
impersonating. If the application is impersonating via
impersonate="true"/>, the identity will be the anonymous user (typically
IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET access to a file, right-click the file in Explorer,
choose "Properties" and select the Security tab. Click "Add" to add the
appropriate user or group. Highlight the ASP.NET account, and check the
boxes for the desired access.
I have given the ASP.Net user and the IUSR_MACHINENAME full rights, but
still get this error. I noticed the virtual folder properties has
readonly checked, but greyed out. If I uncheck readonly close and
reopen the properties dialog it is rechecked. Is this the way it should
work or should it stay unchecked?
TIA
Re: ErrorAccessingDB/ASP.NET/IISPermissions
am 30.09.2007 00:46:40 von David Wang
On Sep 29, 2:55 pm, gh wrote:
> I get the following error when trying to run a web app.
>
> Access to the path 'C:\TCAPrjPhotoOnline\APP_DATA\TCAPRJPHOTODATA.jds'
> is denied.
> Description: An unhandled exception occurred during the execution of the
> current web request. Please review the stack trace for more information
> about the error and where it originated in the code.
>
> Exception Details: System.UnauthorizedAccessException: Access to the
> path 'C:\TCAPrjPhotoOnline\APP_DATA\TCAPRJPHOTODATA.jds' is denied.
>
> ASP.NET is not authorized to access the requested resource. Consider
> granting access rights to the resource to the ASP.NET request identity.
> ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5
> or Network Service on IIS 6) that is used if the application is not
> impersonating. If the application is impersonating via
> impersonate="true"/>, the identity will be the anonymous user (typically
> IUSR_MACHINENAME) or the authenticated request user.
>
> To grant ASP.NET access to a file, right-click the file in Explorer,
> choose "Properties" and select the Security tab. Click "Add" to add the
> appropriate user or group. Highlight the ASP.NET account, and check the
> boxes for the desired access.
>
> I have given the ASP.Net user and the IUSR_MACHINENAME full rights, but
> still get this error. I noticed the virtual folder properties has
> readonly checked, but greyed out. If I uncheck readonly close and
> reopen the properties dialog it is rechecked. Is this the way it should
> work or should it stay unchecked?
>
> TIA
You should only grant permissions to one of those user identities.
Following the instructions in the error page:
1. Are you using anonymous authentication
2. Are you using within ASP.Net
Based on your answers, the proper action is different.
The readonly check box you are talking about is not the issue.
Unchecking readonly is not the correct action because it is not
related to the issue.
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
Re: ErrorAccessingDB/ASP.NET/IISPermissions
am 30.09.2007 01:25:33 von GH
David Wang wrote:
> On Sep 29, 2:55 pm, gh wrote:
>
>>I get the following error when trying to run a web app.
>>
>> Access to the path 'C:\TCAPrjPhotoOnline\APP_DATA\TCAPRJPHOTODATA.jds'
>>is denied.
>>Description: An unhandled exception occurred during the execution of the
>>current web request. Please review the stack trace for more information
>>about the error and where it originated in the code.
>>
>>Exception Details: System.UnauthorizedAccessException: Access to the
>>path 'C:\TCAPrjPhotoOnline\APP_DATA\TCAPRJPHOTODATA.jds' is denied.
>>
>>ASP.NET is not authorized to access the requested resource. Consider
>>granting access rights to the resource to the ASP.NET request identity.
>>ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5
>>or Network Service on IIS 6) that is used if the application is not
>>impersonating. If the application is impersonating via
>>impersonate="true"/>, the identity will be the anonymous user (typically
>>IUSR_MACHINENAME) or the authenticated request user.
>>
>>To grant ASP.NET access to a file, right-click the file in Explorer,
>>choose "Properties" and select the Security tab. Click "Add" to add the
>>appropriate user or group. Highlight the ASP.NET account, and check the
>>boxes for the desired access.
>>
>>I have given the ASP.Net user and the IUSR_MACHINENAME full rights, but
>>still get this error. I noticed the virtual folder properties has
>>readonly checked, but greyed out. If I uncheck readonly close and
>>reopen the properties dialog it is rechecked. Is this the way it should
>>work or should it stay unchecked?
>>
>>TIA
>
>
>
> You should only grant permissions to one of those user identities.
>
> Following the instructions in the error page:
> 1. Are you using anonymous authentication
> 2. Are you using within ASP.Net
>
> Based on your answers, the proper action is different.
>
> The readonly check box you are talking about is not the issue.
> Unchecking readonly is not the correct action because it is not
> related to the issue.
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //
>
David:
I removed the ASP.NET user and left everything else as it was. It was
set this way by default and I still get the same error message. In the
virtual folder under the directory security tab Enable Anonymous Access
is checked and also Intergrated Windows Authentication. Wher is this
tag at or is it something set by default?
>>impersonate="true"/>
I am using IIS 6 and ASP.NET 2.0
Thanks
Re: ErrorAccessingDB/ASP.NET/IISPermissions
am 30.09.2007 12:27:59 von David Wang
On Sep 29, 4:25 pm, gh wrote:
> David Wang wrote:
> > On Sep 29, 2:55 pm, gh wrote:
>
> >>I get the following error when trying to run a web app.
>
> >> Access to the path 'C:\TCAPrjPhotoOnline\APP_DATA\TCAPRJPHOTODATA.jds'
> >>is denied.
> >>Description: An unhandled exception occurred during the execution of the
> >>current web request. Please review the stack trace for more information
> >>about the error and where it originated in the code.
>
> >>Exception Details: System.UnauthorizedAccessException: Access to the
> >>path 'C:\TCAPrjPhotoOnline\APP_DATA\TCAPRJPHOTODATA.jds' is denied.
>
> >>ASP.NET is not authorized to access the requested resource. Consider
> >>granting access rights to the resource to the ASP.NET request identity.
> >>ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5
> >>or Network Service on IIS 6) that is used if the application is not
> >>impersonating. If the application is impersonating via
> >>impersonate="true"/>, the identity will be the anonymous user (typically
> >>IUSR_MACHINENAME) or the authenticated request user.
>
> >>To grant ASP.NET access to a file, right-click the file in Explorer,
> >>choose "Properties" and select the Security tab. Click "Add" to add the
> >>appropriate user or group. Highlight the ASP.NET account, and check the
> >>boxes for the desired access.
>
> >>I have given the ASP.Net user and the IUSR_MACHINENAME full rights, but
> >>still get this error. I noticed the virtual folder properties has
> >>readonly checked, but greyed out. If I uncheck readonly close and
> >>reopen the properties dialog it is rechecked. Is this the way it should
> >>work or should it stay unchecked?
>
> >>TIA
>
> > You should only grant permissions to one of those user identities.
>
> > Following the instructions in the error page:
> > 1. Are you using anonymous authentication
> > 2. Are you using within ASP.Net
>
> > Based on your answers, the proper action is different.
>
> > The readonly check box you are talking about is not the issue.
> > Unchecking readonly is not the correct action because it is not
> > related to the issue.
>
> > //David
> >http://w3-4u.blogspot.com
> >http://blogs.msdn.com/David.Wang
> > //
>
> David:
>
> I removed the ASP.NET user and left everything else as it was. It was
> set this way by default and I still get the same error message. In the
> virtual folder under the directory security tab Enable Anonymous Access
> is checked and also Intergrated Windows Authentication. Wher is this
> tag at or is it something set by default?
> >>impersonate="true"/>
>
> I am using IIS 6 and ASP.NET 2.0
>
> Thanks- Hide quoted text -
>
> - Show quoted text -
Is this your Web Application or someone else's web application?
Because if it is someone else's, then you want to ask them for support
on how to get the application working because it is clearly more
proprietary than simply copying the web application.
By default, ASP.Net applications "just work" by copying them and
creating an IIS Application of it. Anything else is basically
additional configuration required by the application, and thus it is
the responsibility of the application provider to take care of that
for you.
Now, based on your observation, you have anonymous authentication and
Integrated authentication enabled. The actual user identity that is
getting access denied depends on several interacting configuration.
No, there is no one single place where you say "run this application
as this user". That would be too easy and insufficiently confusing for
users.
I actually think it is easier for you to figure out the cause of the
Access denied by using a tool, File Monitor, from www.sysinternals.com,
to see what user identity gets denied access to that named resource.
And make sure that user identity has access to that resource.
Of course, nothing says that this approach is correct. It merely
addresses the access denial, but who say that user was supposed to
have access to the resource and whether your action unnecessarily
weakens security? I can't answer those questions -- but the support
personel for that web application should and MUST because that is a
part of supporting that application.
Good luck.
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//