ASP.NET - I am generating an .XLS file with a DLL, how do I grant permissions for writing to file? (IIS 7)

Question

I'm generating an .XLS file with a DLL (Excel Library http://code.google.com/p/excellibrary/)

I've added this DLL as a reference to my project.

The code to save the .XLS to disk is running, but it's encountering a permissions issue.

I've attempted to set full access for IUSRS, Network Service, and Everyone just to see if I could get it working, and none of these seems to make a difference.

Here's where I'm trying to write the file:

c:/temp/test1.xls

Here's the error:

[SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
   System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
   System.Security.CodeAccessPermission.Demand() +54
   System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) +2103
   System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) +138
   System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) +89
   System.IO.File.Open(String path, FileMode mode, FileAccess access, FileShare share) +58
   ExcelLibrary.Office.CompoundDocumentFormat.CompoundDocument.Create(String file) +88
   ExcelLibrary.Office.Excel.Workbook.Save(String file) +73
   CHC_Reports.LitAnalysis.CreateSpreadSheet_Click(Object sender, EventArgs e) in C:\Users\brian\Desktop\Enterprise Manager\CHC_Reports\LitAnalysis.aspx.vb:19
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +115
   System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +29
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +11041511
   System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +11041050
   System.Web.UI.Page.ProcessRequest() +91
   System.Web.UI.Page.ProcessRequest(HttpContext context) +240
   ASP.litanalysis_aspx.ProcessRequest(HttpContext context) +52
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +599
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171

Any idea what I need to do to diagnose the permissions issue and allow the file creation?

Thanks.

Answer 1

I think this doesn't have to do with the file security, but rather .NET code access security. You can install the .NET SDK which will add something like ".NET 2.0 Configuration" in Administrative Tools where you can configure it, or use the caspol command line utility. Also, check this article specifically for ASP.NET: http://msdn.microsoft.com/en-us/library/ms998326.aspx

Edit: Now that I look a bit more, notice *CodeAccessSecurity*Engine. It definitely seems to be what I thought. You give or deny specific permissions to .NET applications based on URI, strong name, etc. Those permissions include access to files, the registry, etc.

Answer 2

When writing a file to the HDD from IIS, you need to set "write" permissions on the folder (for your example, c:\temp). This is because some IO processes delete, then recreate a file (instead of just updating), and the permissions are destroyed when the file is deleted. Usually, you need to grant read/write to IUSR*, IWAM* and ASPNET.

Answer 3

I believe that Nelson was on the right track for 90% of people that run into this error... and I believe that tgolisch was on the right track for about 8% of the remaining.

However, the application pool that was serving up my application apparently did not have specific rights to write to the folders in question. Therefore, I switched the application pool being used to serve up the application to run under the context: Local System.

When I deploy the application, I will need to determine which identity the application pool is running under and verify that it has access to the appropriate folders.