
I have an ASP.NET MVC 3 website that runs on the company intranet to which I want to add a page that can upload files to the server.

I am running the site on Windows Server 2012 with IIS 8.

IIS Config:

Application pool attributes:

  • .Net Framework v4.0
  • Managed Pipeline Mode: Integrated
  • Identity: LocalSystem

Under the site node, authentication is set as:

  • Windows Authentication: Enabled (Users must use their corporate Windows Accounts to log in)
  • All other Authentication including Anonymous Authentication set to Disabled.

Windows Permissions:

In the Content directory, I have granted all access permissions to the System, Admin and my User's account.

MVC Code:

The MVC Controller method that handles the file upload contains the following code:

public ActionResult Upload(HttpPostedFileBase file)
{
    if (file != null && file.ContentLength > 0)
    {
        var fileName = Path.GetFileName(file.FileName);
        DateTime timestamp = DateTime.Today;
        var path = Path.Combine(Server.MapPath("~/Content/uploads"), fileName);
        if( !Directory.Exists(path))
            Directory.CreateDirectory(path);
        file.SaveAs(path);
    }

    return RedirectToAction("Index");
}

When I try to upload a file using the above controller I get the following error:

Server Error in '/' Application.

Access to the path 'C:\Sites\ClosedBeta\Content\uploads\test.csv' is denied. 
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.UnauthorizedAccessException: Access to the path 'C:\Sites\ClosedBeta\Content\uploads\test.csv' is denied. 

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and the configured application pool identity on IIS 7.5) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user. 

To grant ASP.NET access to a file, right-click the file in File Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

Source Error: 
Line 34:                 if( !Directory.Exists(path))
Line 35:                     Directory.CreateDirectory(path);
Line 36:                 file.SaveAs(path);
Line 37:             }
Line 38: 

Source File:  C:\Users\****\Documents\Visual Studio 2010\Projects\Solution\Project\Controllers\UploadTestController.cs    Line:  36 

Stack Trace: 

[UnauthorizedAccessException: Access to the path 'C:\Sites\ClosedBeta\Content\uploads\test.csv' is denied.]
  System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) +10760710
  System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) +1352
  System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) +60
  System.IO.FileStream..ctor(String path, FileMode mode) +55
  System.Web.HttpPostedFile.SaveAs(String filename) +94
  System.Web.HttpPostedFileWrapper.SaveAs(String filename) +9
  Project.Controllers.UploadTestController.Upload(HttpPostedFileBase file) in C:\Users\****\Documents\Visual Studio 2010\Projects\Solution\Project\Controllers\UploadTestController.cs:36
  lambda_method(Closure , ControllerBase , Object[] ) +180
  System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +14
  System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +214
  System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +27
  System.Web.Mvc.<>c__DisplayClass15.<InvokeActionMethodWithFilters>b__12() +55
  System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation) +253
  System.Web.Mvc.<>c__DisplayClass17.<InvokeActionMethodWithFilters>b__14() +21
  System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +191
  System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +324
  System.Web.Mvc.Controller.ExecuteCore() +106
  System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) +91
  System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext) +10
  System.Web.Mvc.<>c__DisplayClassb.<BeginProcessRequest>b__5() +34
  System.Web.Mvc.Async.<>c__DisplayClass1.<MakeVoidDelegate>b__0() +19
  System.Web.Mvc.Async.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _) +10
  System.Web.Mvc.Async.WrappedAsyncResult`1.End() +62
  System.Web.Mvc.<>c__DisplayClasse.<EndProcessRequest>b__d() +48
  System.Web.Mvc.SecurityUtil.<GetCallInAppTrustThunk>b__0(Action f) +7
  System.Web.Mvc.SecurityUtil.ProcessInApplicationTrust(Action action) +22
  System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +60
  System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
  System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +9629708
  System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155

Any advice would be appreciated.
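An added example, not part of the original post: in the Source Error listing, lines 34-36 pass the full file path to `Directory.CreateDirectory`, which creates a folder named `test.csv`, and opening a `FileStream` on a directory raises `UnauthorizedAccessException`. The code below reproduces that order next to a corrected one using only `System.IO`; the `UploadStore` class, its method names and the sample data are assumptions made for the illustration.

```csharp
using System;
using System.IO;
using System.Text;

static class UploadStore   // hypothetical helper, not from the post
{
    // Same order as the controller: the *file* path goes to CreateDirectory,
    // so a folder named "test.csv" is created and the write then targets a directory.
    public static string SaveLikeQuestion(Stream content, string clientFileName, string uploadRoot)
    {
        var path = Path.Combine(uploadRoot, Path.GetFileName(clientFileName));
        if (!Directory.Exists(path))
            Directory.CreateDirectory(path);
        // SaveAs opens a FileStream on the path (see the stack trace); same call here.
        using (var fs = new FileStream(path, FileMode.Create))
            content.CopyTo(fs);
        return path;
    }

    // Corrected order: make sure the uploads folder exists, then write the file inside it.
    public static string Save(Stream content, string clientFileName, string uploadRoot)
    {
        var fileName = Path.GetFileName(clientFileName);   // drops any client-supplied directory part
        if (string.IsNullOrEmpty(fileName))
            throw new ArgumentException("Upload has no file name.");
        Directory.CreateDirectory(uploadRoot);              // no-op when the folder already exists
        var path = Path.Combine(uploadRoot, fileName);
        if (Directory.Exists(path))                         // leftover folder from the buggy order
            throw new IOException("A directory with the upload's name exists: " + path);
        using (var fs = new FileStream(path, FileMode.CreateNew))   // design choice: never overwrite
            content.CopyTo(fs);
        return path;
    }

    static void Main()
    {
        // Constructed sample input: a scratch folder and a two-line CSV.
        var root = Path.Combine(Path.GetTempPath(), "uploads-" + Guid.NewGuid().ToString("N"));
        var csv = new MemoryStream(Encoding.UTF8.GetBytes("a,b\n1,2\n"));
        try { SaveLikeQuestion(csv, "test.csv", root); }
        catch (UnauthorizedAccessException ex) { Console.WriteLine("question's order: " + ex.Message); }
        Directory.Delete(root, true);    // remove the stray "test.csv" directory
        csv.Position = 0;
        Console.WriteLine("corrected order: " + Save(csv, "test.csv", root));
        Directory.Delete(root, true);
    }
}
```

From the controller the call would be `UploadStore.Save(file.InputStream, file.FileName, Server.MapPath("~/Content/uploads"))`. With the directory created at the folder level, the application pool identity only needs Modify rights on the uploads folder, so the pool does not have to run as LocalSystem for the upload to work.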

I think that the problem was simply that I needed to wait a bit for the permissions to take effect.

After coming back to the same code the next day, it worked perfectly.


Simply go through IIS and check if IISUSER and IUSR_ have permission to read and write.

Generally, Plesk Panel and cPanel add default permissions to read, list and write, but in some cases something goes wrong and you need to set up the right permissions.

So you have 2 ways to achieve your goal:

If you have access to IIS, do it yourself.


Ask your hosting company to set up write and read permissions for this particular folder.

