|
ms
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
C# program creating folder on server/access deniedI have an application that needs to create folders and copy files to a
Windows2003 Server. The app was developed in vs2008/c#/sql2000. The program logs into the sql server using Integrated security. and runs on various client workstations. When the program tries to create a folder using Directory.Create(<dirname>), it gets the Access Denied error. .NET 2.0/sp1 is installed on the server, I have administrative rights and can create a folder and copy files when I log onto the server. How can I configure the permissions on the server to allow the program to create folders and copy files? I think there something like a ".NET worker process" that can be given permisison. Thank you "walter1234" <walter1***@discussions.microsoft.com> wrote in message Does the app run within the security context of the currently logged-on news:BE530C0F-D3EF-4FFE-85D2-F4C16E798380@microsoft.com... > I have an application that needs to create folders and copy files to a > Windows2003 Server. The app was developed in vs2008/c#/sql2000. The > program > logs into the sql server using Integrated security. and runs on various > client workstations. Windows user, or does it use impersonation? I am not sure I know how to answer that question. I definitely have not
implemented any impersonation. I am running the app on a workstation on the LAN, and logged in as administrator to that LAN. The app will ultimately have to run under other logins on other workstations. I guess that would mean that the app is just running under the security context of the logged in user, but I'm not sure about that term. Thanks Show quoteHide quote "Mark Rae [MVP]" wrote: > "walter1234" <walter1***@discussions.microsoft.com> wrote in message > news:BE530C0F-D3EF-4FFE-85D2-F4C16E798380@microsoft.com... > > > I have an application that needs to create folders and copy files to a > > Windows2003 Server. The app was developed in vs2008/c#/sql2000. The > > program > > logs into the sql server using Integrated security. and runs on various > > client workstations. > > Does the app run within the security context of the currently logged-on > Windows user, or does it use impersonation? > > > -- > Mark Rae > ASP.NET MVP > http://www.markrae.net > >
Show quote
Hide quote
"walter1234" <walter1***@discussions.microsoft.com> wrote in message In which case, the app is running under the security context of the news:CBA506F9-6246-4F19-AE22-63E0C86B7A7C@microsoft.com... >>> I have an application that needs to create folders and copy files to a >>> Windows2003 Server. The app was developed in VS2008/C#/SQL2000. The >>> program logs into the SQL Server using integrated security. and runs on >>> various >>> client workstations. >> >> Does the app run within the security context of the currently logged-on >> Windows user, or does it use impersonation? > > I am not sure I know how to answer that question. I definitely have not > implemented any impersonation. currently logged-on user... > I am running the app on a workstation on the LAN, and logged in as Presumably you are able to create the folders in question from the same > administrator > to that LAN. workstation but outside the C# app without having to supply additional security credentials...? If so, I would suggest that you enable security auditing on the server and inspect the event log entry created when the C# app tries to create the folders...
Show quote
Hide quote
"walter1234" <walter1***@discussions.microsoft.com> wrote in message Is it a Web application (as the "worker process" mention seems to news:BE530C0F-D3EF-4FFE-85D2-F4C16E798380@microsoft.com... >I have an application that needs to create folders and copy files to a > Windows2003 Server. The app was developed in vs2008/c#/sql2000. The > program > logs into the sql server using Integrated security. and runs on various > client workstations. > When the program tries to create a folder using > Directory.Create(<dirname>), > it gets the Access Denied error. .NET 2.0/sp1 is installed on the server, > I > have administrative rights and can create a folder and copy files when I > log > onto the server. > How can I configure the permissions on the server to allow the program to > create folders and copy files? I think there something like a ".NET worker > process" that can be given permisison. suggest)? In that case, if you haven't enabled impersonation, the code will be running as the user "Network Service", which will most likely not have permissions to create the folders that you are trying to create. There are various ways to make the worker process impersonate a different user. Most likely, you will want to add an <identity impersonate="true"/> element in the web.config. If Integrated Authentication is enabled in IIS, and you add an <authorization><deny users="?"/>, this will cause the worker process to impersonate the user that logged in at the workstation where you are browsing to your application. If this user has sufficient permissions for creating the folder, the operation should succeed (unless you want to create it at a different server from the one that is running the IIS, in which case you will need to configure the systems to enable delegation). Alberto,
Thanks for your reply. My application is a windows application. I didn't realize that the "worker process" only applies to web applications. I got the error running the program under Visual Studio 2008 logged into the LAN as administrator. The app will ultimately have to run under other non-admin users with less priviledge. What else can I look at? Thanks for your help Show quoteHide quote "Alberto Poblacion" wrote: > "walter1234" <walter1***@discussions.microsoft.com> wrote in message > news:BE530C0F-D3EF-4FFE-85D2-F4C16E798380@microsoft.com... > >I have an application that needs to create folders and copy files to a > > Windows2003 Server. The app was developed in vs2008/c#/sql2000. The > > program > > logs into the sql server using Integrated security. and runs on various > > client workstations. > > When the program tries to create a folder using > > Directory.Create(<dirname>), > > it gets the Access Denied error. .NET 2.0/sp1 is installed on the server, > > I > > have administrative rights and can create a folder and copy files when I > > log > > onto the server. > > How can I configure the permissions on the server to allow the program to > > create folders and copy files? I think there something like a ".NET worker > > process" that can be given permisison. > > Is it a Web application (as the "worker process" mention seems to > suggest)? > > In that case, if you haven't enabled impersonation, the code will be > running as the user "Network Service", which will most likely not have > permissions to create the folders that you are trying to create. > > There are various ways to make the worker process impersonate a > different user. Most likely, you will want to add an <identity > impersonate="true"/> element in the web.config. If Integrated Authentication > is enabled in IIS, and you add an <authorization><deny users="?"/>, this > will cause the worker process to impersonate the user that logged in at the > workstation where you are browsing to your application. If this user has > sufficient permissions for creating the folder, the operation should succeed > (unless you want to create it at a different server from the one that is > running the IIS, in which case you will need to configure the systems to > enable delegation). > > Not sure if my suggestion will apply to your problem - but I deploy apps
on my lan using "Click Once". These apps all create folders except only on the respective workstations that have downloaded the app. We have a win2003 server at my place. I am thinking if multiple users will be using your app and the app needs to create a folder on the server - it is either a common folder or - if these will be individual folders - wouldn't you want to create them on the local workstations where the app is being executed? If it is a common folder - or the folder create thing is a one time per user - you could create these folders manually and just have the app(s) check for the existence of the folder(s). Rich *** Sent via Developersdex http://www.developersdex.com *** Rich,
Thanks for your reply I also deploy using ClickOnce. I understand that it creates folders. The issue is that I need to create a new folder each month on the server. This folder will have information that will be used once, then retained for archival purposes. I think that it amounts to the fact that there needs to be some priviledge granted to some user to create folders and files on the server. Show quoteHide quote "Rich P" wrote: > Not sure if my suggestion will apply to your problem - but I deploy apps > on my lan using "Click Once". These apps all create folders except only > on the respective workstations that have downloaded the app. We have a > win2003 server at my place. I am thinking if multiple users will be > using your app and the app needs to create a folder on the server - it > is either a common folder or - if these will be individual folders - > wouldn't you want to create them on the local workstations where the app > is being executed? If it is a common folder - or the folder create > thing is a one time per user - you could create these folders manually > and just have the app(s) check for the existence of the folder(s). > > Rich > > *** Sent via Developersdex http://www.developersdex.com *** >  |
|||||||||||||||||||||||
Other interesting topics