HttpPostedFile.SaveAs() throws UnauthorizedAccessException even though the file is saved?

Question

I have an aspx page with multiple FileUpload controls and one Upload button. In the click handler I save the files like this:

string path = "...";
for (int i = 0; i < Request.Files.Count - 1; i++)
{
    HttpPostedFile file = Request.Files[i];
    string fileName = Path.GetFileName(file.FileName);
    string saveAsPath = Path.Combine(path, fileName);
    file.SaveAs(saveAsPath);
}

When file.SaveAs() is called, it throws:

System.Web.HttpUnhandledException: Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.UnauthorizedAccessException: Access to the path '...' is denied. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode) at System.Web.HttpPostedFile.SaveAs(String filename) at Belden.Web.Intranet.Iso.Complaints.AttachmentUploader.btnUpload_Click(Object sender, EventArgs e) at System.Web.UI.WebControls.Button.OnClick(EventArgs e) at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) --- End of inner exception stack trace --- at System.Web.UI.Page.HandleError(Exception e) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context) at ASP.departments_iso_complaints_uploadfiles_aspx.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Now here's the fun part. The file is saved correctly! So why is it throwing this exception?

Update

I fixed it by checking for a non zero ContentLength:

string path = "...";
for (int i = 0; i < Request.Files.Count - 1; i++)
{
    HttpPostedFile file = Request.Files[i];
    if (file.ContentLength == 0)
    {
        continue;
    }

    string fileName = Path.GetFileName(file.FileName);
    string saveAsPath = Path.Combine(path, fileName);
    file.SaveAs(saveAsPath);
}

Answer 1

Interesting... my first question is, are you absolutely sure that really is the line of code that is throwing the exception?

Two... does it go away if you (temporarily) grant Everyone access to that path?

How are your permissions set up now? What user is running ASP.NET? Are you using impersonation?

Answer 2

try to use

file.SaveAs(server.mappath(saveAsPath));

Answer 3

I fixed it by checking for a non zero ContentLength:

string path = "...";
for (int i = 0; i < Request.Files.Count - 1; i++)
{
    HttpPostedFile file = Request.Files[i];
    if (file.ContentLength == 0)
    {
        continue;
    }

    string fileName = Path.GetFileName(file.FileName);
    string saveAsPath = Path.Combine(path, fileName);
    file.SaveAs(saveAsPath);
}

Sometimes its the simple things that I overlook ...