locked
FileIOPermission on IIS 7.0 RRS feed

  • Question

  • User1294744997 posted

     Hi everyone,

    This is my scenario:

    1. I create a simple test file called Uploader.aspx, put it up on IIS7, i have set up the .NET trust at medium. This application should create a folder inside its own virtual directory, and then upload a file into it.

    2. From browser I then go and try to upload a file. When it tries to create the directory it fails with

    Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.<o:p></o:p>

    3. If I manually create the folder, it will upload into it without an issue and all is good, so it seems the issue is only the creation of the folder.

     

    Notes:

    1. The physical path in IIS for the site points to an external machine, like \\filer01\Sites\MySite

    2. That happened on a machine A, that has installed Windows Server Web 2008  , service pack 1,  32 bits + NET Framework 3.5.sp1

    On another machine though, with exactly the same settings, pointing at same external machine \\filer01\Sites\MysiteB , with NET trust on medium it works without an issue.

    The B machine has:  Windows Server Web 2008  , service pack 1,  32 bits   but it has NET Framework 3.5 (no sp1)

    3. Obviously if i set it on High trust or Full trust, it works perfectly fine on both machines but i can only do this on medium so this is a must.

    4. Both Application Pools run under Integrated mode.

    5. The rights on the folders are set to full on the user i run under when trying the upload.


    Questions:

    1. Is there any known issue of why can't I create a folder in my own allocated space, given these conditions? Medium trust permits this on $AppDir$ so it should be perfectly fine.

    2.  Any idea on this? why might this be happening?

     

     Cheers,

    Cezar.

    Tuesday, April 27, 2010 8:30 AM

All replies

  • User1294744997 posted

     I would also like to add:

       The application pool user which is the same user that the anonymous access is running under has full control on all the web content folders and subfolders. We realise that the application pool user is not a member of the local IIS_IUSRS security group but are not clear how this may affect it as lacking membership in this group doesn’t seem to stop the user being used as a worker process identity like missing from IIS_WPG in IIS6 would have done. We’ve explicitly added the application pool/anonymous user to the IIS_IUSRS security group and performed an iisreset in case it was required to pick up the changes but still get the same error.

     The line with permissions on  medium_trust i have is the default one - and is identical on both machines:

    <IPermission class="FileIOPermission" version="1" Read="$AppDir$" Write="$AppDir$" Append="$AppDir$" PathDiscovery="$AppDir$"/>

     

     Regards,

    Cezar.

    Wednesday, April 28, 2010 3:27 AM