C# - IIS application cannot access path despite giving "Everyone" access


An IIS application seems to have trouble writing to a temporary folder (it's needed to make use of Excel interop).

Access to the path 'c:\temp\temp_file_name.xlsx' is denied.

Exception details: System.UnauthorizedAccessException: Access to the path 'c:\temp\temp_file_name.xlsx' is denied.

Here's the stack trace:

    [unauthorizedaccessexception: access path 'c:\temp\temp_file_name.xlsx' denied.]
       system.io.__error.winioerror(int32 errorcode, string maybefullpath) +10550675
       system.io.file.internalcopy(string sourcefilename, string destfilename, boolean overwrite) +863
       system.io.file.copy(string sourcefilename, string destfilename) +12
       exceloperations.filehelper.copyfile(string sourcepath, string destinationpath) +477
       webextensions.personalpricelistdataexchange.createnewquerybtn_click(object sender, eventargs e) +427
       system.web.ui.webcontrols.button.onclick(eventargs e) +115
       system.web.ui.webcontrols.button.raisepostbackevent(string eventargument) +140
       system.web.ui.page.raisepostbackevent(ipostbackeventhandler sourcecontrol, string eventargument) +29
       system.web.ui.page.processrequestmain(boolean includestagesbeforeasyncpoint, boolean includestagesafterasyncpoint) +2981

Now, by all accounts, this looks like a typical "lack of permissions" case. I've modified the temp folder to allow the special group "Everyone" full access...

What am I missing?

Edit:

I forgot to mention!

The application works when I log in to the site using an administrative account. However, any other account (despite logging in to the IIS site successfully) doesn't have access to the folder. Again, the weird thing is that I've granted "Everyone" full access, and it's still not working.

The application in question is an MS CRM 4.0 extension (residing inside the CRM ISV folder as its subsite), using the same application pool as CRM itself. However, I have doubts whether it is in any way related to CRM itself. I think it's an IIS / permissions issue.

Edit 2:

I've added a simple piece of code to the application:

        // Surface the authenticated user name as seen by the page and by the HTTP context.
        throw new Exception(Page.User.Identity.Name + " " + HttpContext.Current.User.Identity.Name);

Obviously, it throws the current name of the used identity. The identity is fine - i.e. it's a normal user belonging to the domain. I can add the specific user and give him permissions to the folder, and it still fails. :(

Edit 3:

I've turned on auditing for the temp folder.

Here are the results (I had to edit some information out):

    a handle object requested.

    subject:
        security id:        -the domain , login of logged user-
        account name:       -the current username-
        account domain:     -the current domain-
        logon id:           0x5e3194d

    object:
        object server:      security
        object type:        file
        object name:        c:\temp\temp_file_name.xlsx
        handle id:          0x0

    process information:
        process id:         0x13f0
        process name:       c:\windows\system32\inetsrv\w3wp.exe

    access request information:
        transaction id:     {00000000-0000-0000-0000-000000000000}
        accesses:           delete
                            read_control
                            synchronize
                            readdata (or listdirectory)
                            writedata (or addfile)
                            appenddata (or addsubdirectory or createpipeinstance)
                            writeea
                            readattributes
                            writeattributes

        access reasons:     delete: unknown or unchecked
                            read_control: unknown or unchecked
                            synchronize: unknown or unchecked
                            readdata (or listdirectory): unknown or unchecked
                            writedata (or addfile): denied integrity policy check
                            appenddata (or addsubdirectory or createpipeinstance): unknown or unchecked
                            writeea: unknown or unchecked
                            readattributes: unknown or unchecked
                            writeattributes: unknown or unchecked

        access mask:        0x130197
        privileges used access check:   -
        restricted sid count:   0

The user specified in the audit report was given full access to the folder.

Here are some thoughts...

  • Obviously, giving access to the folder is bad. You should check the credentials under which the application pool is working. For example, if it's "Application Pool Identity" you need to grant the user named IUSR access to the folder.

  • One of the weird errors: the error you're seeing can be the result of attempting to write an empty file (zero bytes). I recall having a "permissions" issue that in fact turned out to be a zero-byte file write.

  • It's strange how the application user login changes the behaviour of the service's access - are you doing any impersonation? I.e. do you propagate the Windows login to the service? If so - the error may be because of the user's domain. For example, if the user's domain is mydom, I think the group has a domain too (take note that there are "local domains", i.e. the PC name - for example, mypc\administrator is a local user, and it doesn't have to be mydomain\administrator).

  • Ultimately, you might want to change the location of the temp folder. If you're using C#, something like:

    System.IO.Path.GetTempPath()

could do the trick, since IIS has a predefined path for these purposes to which you'll have write access. Needless to say, it's better practice, since using c:\temp brings in serious security risks.
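
The audit event quoted in the question names the check that failed. This added example (not part of the original question or answer) decodes the event's access mask and access reasons in Python to show that only the write right was refused, and that the stated reason is the integrity policy check, which Windows evaluates separately from the ACL entries granted on the folder. The sample text is constructed from the event on the page; the function names are this example's own.

```python
import re

# File-object access rights by bit (values from winnt.h).
FILE_RIGHTS = {
    0x000001: "readdata", 0x000002: "writedata", 0x000004: "appenddata",
    0x000008: "readea", 0x000010: "writeea", 0x000020: "execute",
    0x000040: "deletechild", 0x000080: "readattributes",
    0x000100: "writeattributes", 0x010000: "delete", 0x020000: "read_control",
    0x040000: "write_dac", 0x080000: "write_owner", 0x100000: "synchronize",
}

# Constructed sample: the access-request fields of the audit event quoted in
# the question, one field per line, wording as it appears on the page.
SAMPLE_EVENT = """\
access reasons:
    delete: unknown or unchecked
    read_control: unknown or unchecked
    synchronize: unknown or unchecked
    readdata (or listdirectory): unknown or unchecked
    writedata (or addfile): denied integrity policy check
    appenddata (or addsubdirectory or createpipeinstance): unknown or unchecked
    writeea: unknown or unchecked
    readattributes: unknown or unchecked
    writeattributes: unknown or unchecked
access mask: 0x130197
"""

def decode_mask(mask):
    """Return the names of the file rights set in an access mask."""
    return [name for bit, name in sorted(FILE_RIGHTS.items()) if mask & bit]

def parse_event(text):
    """Return (requested rights, {right: reason}) from the event text."""
    mask = int(re.search(r"access mask:\s*(0x[0-9a-f]+)", text, re.I).group(1), 16)
    reasons = {}
    for line in text.splitlines():
        # Indented lines look like "right (alias): reason"; the alias is optional.
        m = re.match(r"\s+(\w+)(?: \([^)]*\))?:\s*(.+)", line)
        if m:
            reasons[m.group(1).lower()] = m.group(2).strip().lower()
    return decode_mask(mask), reasons

def denied_rights(text):
    """Requested rights whose access reason starts with 'denied'."""
    requested, reasons = parse_event(text)
    return {r: reasons[r] for r in requested if reasons.get(r, "").startswith("denied")}

def blocked_by_integrity_policy(text):
    """True when a denial cites the integrity policy check, not an ACL entry."""
    return any("integrity policy" in why for why in denied_rights(text).values())
```

When this returns true, the next thing to inspect is the integrity level of the `w3wp.exe` token against the integrity label on the target, since adding further allow entries to the folder does not change the outcome of that check.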

