creating, writing files, and account info RRS feed

  • Question

  • User-1189667995 posted
    Hi, I need to use an HTTPHandler to create and write files. I wanted to create the file in the directory that has this handler, and other handlers. For me, this directory is: c:\Inetpub\wwwroot\HttpHandlers. I get an error: "Access to the path "C:\Inetpub\wwwroot\HTTPHandlers\bidhero.ccn" is denied." I can have the code write files to other locations just fine. I'm using ASP.net v.1.1 on Windows XP, and Windows 2003. 1. Which would be the best place to create and write this file to? This is not a temporary file. Once created, it will be there for the length of the application. 2. I've read several posts regarding this error, and they talk of account priviledges. How do I know which account is running this program, and how do I change account priviledges? How safe is it to change priviledges to allow a process to write? Thanks. -Shefali
    Wednesday, December 1, 2004 6:36 PM

All replies

  • User-1430188240 posted
    First of all, create a separate directory to put the files in, under the root of the application. E.g. create a "uploads" folder to put the files in. Resolve the physical path name using Server.MapPath("uploads") to put the files in there using System.IO for example. Furthermore, you need to grant access on the server to that folder for the ASP.NET worker process. In pre-Windows 2003 configuration, this is done by granting the ASPNET account full access to the folder in question (using the Windows Explorer, properties of the folder, tab Security - please note that on XP you will need to disable "Simple file sharing" in order to make the tab Security visible), In Windows Server 2003, you can grant the IIS_WPG group full access to the folder (or the Network Service account). This configuration assumes you're running with the default settings. To find out the user at runtime you can use User.Identity.Name and Thread.CurrentThread.CurrentPrincipal. So, to summarize: it's all about the NTFS ACLs on the file system which are set to a secure level by default (read-only). Only grant access to the folders that you need access to, in order to tighten the security as much as you can.
    Tuesday, December 14, 2004 10:05 AM