I’ve got an ASP.NET web app which is trying to execute the CreateRepository method within SharpSvn so that new repos can be provisioned through a web interface. Everything runs fine when executing the app from within Visual Studio as it’s running under my own identity which has rights to the VisualSVN server instance running on my local machine. However, if I run the app under IIS on my local XP machine then the asp.net worker process executes under the local aspnet account which I can’t seem to grant the rights to create repositories. No matter how far I expand the rights (even into the local admin or VisualSVN admin groups), SharpSvn continually throws an SvnAuthorizationException and I get a corresponding entry in the security event log under the aspnet account.
Here's what the code is doing:
string repoPath = string.Format("{0}{1}", repoFolderPath, repoName);
using (var svnRepoClient = new SvnRepositoryClient())
{
svnRepoClient.LoadConfiguration(repoPath);
svnRepoClient.CreateRepository(repoPath);
}
Which is resulting in this stack trace:
[SvnAuthorizationException: Can't create directory 'E:\Repositories\TestRepoName': Access is denied. ]
[SvnAuthorizationException: Could not create top-level directory]
[SvnAuthorizationException: Repository creation failed]
SharpSvn.SvnClientArgs.HandleResult(SvnClientContext client, SvnException error) +165
SharpSvn.SvnClientArgs.HandleResult(SvnClientContext client, svn_error_t* error) +80
SharpSvn.SvnRepositoryClient.CreateRepository(String repositoryPath, SvnCreateRepositoryArgs args) +828
SharpSvn.SvnRepositoryClient.CreateRepository(String repositoryPath) +53
RepoManager.DataAccess.RepoDataAccess.CreateRepo(String repoName, String projectName, Employee creatorEmployee) +183
RepoManager.Web.Default.SubmitButton_Click(Object sender, EventArgs e) +357
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +111
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +110
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13 System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1565
It looks like an alternative is to configure the web.config to impersonate another account (such as a domain level account) but it seems verbose when all I want to do is to grant the aspnet account the appropriate rights.
Does anyone have any suggestions on how this can be done? What is it about the aspnet account configuration that makes it seemingly impossible to grant these rights to?
I’m not sure if this can be tackled through the app pool identity when this goes onto a production server but it still doesn’t address the problems running locally under IIS.