tags:

views:

527

answers:

2
Q: 

How do you create folders and specify access permissions on them at the same time?

I have a windows forms application which serves as a sort of administrative module for an ASP.NET web application. The web application serves multiple countries, and folders are created when new countries are added to the application data.

Unfortunately on the newly added countries I run into an exception with the web application when I go and try to write files in the folders:

System.UnauthorizedAccessException: Access to the path 'C:\...' is denied.

With the web application using ASP.NET impersonation, it's obvious that the default IIS user (MACHINENAME\IUSR_MACHINENAME) has no permissions to write into the folder.

How do I grant permission the the default IIS user upon folder creation?

I understand that

System.IO.Directory.CreateDirectory(string path, DirectorySecurity directorySecurity)

should do this, but I don't understand how to specify the log on name on the DirectorySecurity object.

+2  A: 

Grant permission to create directories and files (read/write/modify/...) to the worker process group (sysname\iis_wpg) to the parent directory of where you want to create the new directories. Make sure that you've set the permissions to apply to this folder, subfolders, and files, then the permissions will be inherited for new folders you create and you won't need to apply them specifically. Rather than doing this for all of App_Data, I'd suggest creating a specific subdirectory and only granting permissions on that subdirectory. If you have multiple apps running on the box you might want to create a new user for the app to run as, change the id of the worker process group, and grant only permission to that specific user.

tvanfosson  2009-04-03 10:56:21
A: 

This is the solution I used eventually:

        if (!Directory.Exists(path))
        {
            Directory.CreateDirectory(path);
            DirectoryInfo info = new DirectoryInfo(path);
            DirectorySecurity security = info.GetAccessControl();

            security.AddAccessRule(new FileSystemAccessRule(logonName, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow));
            security.AddAccessRule(new FileSystemAccessRule(logonName, FileSystemRights.FullControl, InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));

            info.SetAccessControl(security); 
        }
Jon Limjap  2009-04-15 11:35:43
This is not a great solution, as the directory initially has only default permissions, which are then replaced. In principle, it is possible to hijack the directory by changing its owner to lock the original creator out. For an example of how to specify DirectorySecurity as part of the CreateSubDirectory, see http://stackoverflow.com/questions/1532014/file-permissions-do-not-inherit-directory-permissions
Steven Sudit  2010-05-24 18:53:14

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps