views:

827

answers:

2

I was trying to run a ASP.net 2.0 site under impersonation and something seems to have gone wrong. I undid my changes in the ASP.Net IIS Configuration applet.

However now I am stuck with this error

System.UnauthorizedAccessException: Access to the temp directory is denied.  Identity 'MACHINE\ASPNET' under which XmlSerializer is running does not have sufficient permission to access the temp directory.  CodeDom will use the user account the process is using to do the compilation, so if the user doesnt have access to system temp directory, you will not be able to compile.  Use Path.GetTempPath() API to find out the temp directory location.
   at System.Xml.Serialization.Compiler.Compile(Assembly parent, String ns, XmlSerializerCompilerParameters xmlParameters, Evidence evidence)
   at System.Xml.Serialization.TempAssembly.GenerateAssembly(XmlMapping[] xmlMappings, Type[] types, String defaultNamespace, Evidence evidence, XmlSerializerCompilerParameters parameters, Assembly assembly, Hashtable assemblies)
   at System.Xml.Serialization.TempAssembly..ctor(XmlMapping[] xmlMappings, Type[] types, String defaultNamespace, String location, Evidence evidence)
   at System.Xml.Serialization.XmlSerializer.FromMappings(XmlMapping[] mappings, Evidence evidence)
   at System.Web.Services.Protocols.XmlReturn.GetInitializers(LogicalMethodInfo[] methodInfos)

So I tried changing the temp path - however MSDN doesn't state as to how it derives this value. I tried setting the TEMP and TMP environment variables but that didnt affect it either. It still points to C:\Tmp folder which is mapped as a drive due to some admin policy apparently from a Mordac like character around these parts.

Update: It seems that the change has now belatedly taken effect. Path.GetTempPath now shows the value i set to those 2 environment variables.

A: 

Use \\live.sysinternals.com\tools\ProcMon.exe to determine where the writing is taking place, but I think you already know where.

Then you can assign the identity that's being refused permissions the required poermissions.

In this case Machine\ASPNET needs create & write in wherever your temp dir is.

If you go playing with the environment variables, the ASP.NET process would need a restart to pick up the modification, but you'd still end up with a problem, as by default a set of protections are applied to the directory that prevents multiple indeitities form writing to the same area.

Ruben Bartelink
I've tried running with 2 admin user accounts and it still gives the same error and mentions the admin user name in the error message. So I'm not sure of what is happening here...
Gishu
Did you modify the file security on the temp dir to allow the ASPNET user to write files in there? Unless you're sure based on procmon stuff or having the app pool running as that admin user (i.e. not relying on impoersonation) there's a chance thats the issue. Unfortunately I need to go offline now for a long time so I hope you suss it, or someone else does!
Ruben Bartelink
+1  A: 

You can alter the temp path for the XMLSerializer explicitly without having to change the environment variables for the machine. To do this, put

<xmlSerializer tempFilesLocation="c:\\newTemp"/>

in you app.config file.

Scott Hanselman has an article entitled "Changing where XmlSerializer Outputs Temporary Assemblies" about it.

adrianbanks