ASP.NET : Intermittent 'Access Denied' Error When Uploading Files

Question

I have a .NET program to upload an image to a webserver. I am using the ASP.NET file uploading control to do it. The program works alright in my local environment but when I run it on the webserver, I get the following error:

>     System.UnauthorizedAccessException:
> Access to the path
> '\\fsvs02\target03\352972\352974\www.mysite.com\web\content\Images\TempStorage\tempImage.jpg'
> is denied.
>        at System.IO.__Error.WinIOError(Int32
> errorCode, String maybeFullPath)
>        at System.IO.FileStream.Init(String path,
> FileMode mode, FileAccess access,
> Int32 rights, Boolean useRights,
> FileShare share, Int32 bufferSize,
> FileOptions options,
> SECURITY_ATTRIBUTES secAttrs, String
> msgPath, Boolean bFromProxy)
>        at System.IO.FileStream..ctor(String
> path, FileMode mode)
>        at System.Web.HttpPostedFile.SaveAs(String
> filename)
>        at uploadimage.UploadImage()

A quick Google search confirmed that it is a permissions issue; but since it only happens intermittently, I don't have a plan for diagnosing how to fix it.

My question is: What should I do to diagnose and fix this issue?

Answer 1

Check if the problem only occurs when you copy files to your production environment instead of uploading them. Copied files may have more restrictive perimissions, denying access to the process your application runs in. When you try to overwrite such a file by uploading another one with the same name, the above exception is thrown.

The solution would be to only upload files directly through your app and to set the required permissions explicitely directly to the files that you copy from your test env.

Answer 2

It might also mean that the file has been locked by another process. e.g. two files being uploaded with the same name at the same time. Or another process is using the file you are attempting to overwrite.

Answer 3

What has not been mentioned is if your web application is public Internet or private intranet, and using Windows authentication? In such situation, it could be the case of users who are authorized (via NTFS permissions) to upload to that folder while others who do not. They are authenticated by their user accounts instead of anonymous NETWORK SERVICE or other account used for the IIS application pool.

Answer 4

Do you upload the file to the same filename for every user (it looks from the error message that this is the case)? If so, then it's probably as Ady says. Instead, use Path.GetTempFileName to generate a filename for your temporary file that won't collide with one that's already there. Make sure to move or delete the file when you're done or else you'll fill up the hard disk with temporary files.