Ask a Question related to ASP.NET Security, Design and Development.
-
Andrea D'Onofrio [MSFT] #1
Re: Access Denied w/Impersonate=true
The error says that the user doesn't have permission to access to the temp
folder. Using impersonate=true the user identity is the identity of the user
that opens the browser.
Please, check this article
[url]http://support.microsoft.com/default.aspx?kbid=317012#4[/url] in order to check
the permission needed.
Probably you may solve your problem setting for Everyone Full control on the
Temp folder.
HtH,
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"Rich Yadach" <ryadach@travelers.com> wrote in message
news:u0delWoQEHA.1160@TK2MSFTNGP09.phx.gbl...web.config> Does anyone have any ideas or comments on this?
>
>
>
> The problem seems to stem from having Impersonate=True set in ourmsgPath,> files (Version 1.1).
>
>
>
> Here is the error we encountered .
>
>
>
> The actual filename changes every time you try to load the page:
>
> An error has occurred: Access to the path
> "C:\DOCUME~1\servername\ASPNET\LOCALS~1\Temp\olvtg 0lf.0.vb" is denied.
>
>
>
> This is what I grabbed from the server's event viewer:
>
> 1) Exception Information
>
> *********************************************
>
> Exception Type: System.UnauthorizedAccessException
>
> Message: Access to the path
> "C:\DOCUME~1\servername\ASPNET\LOCALS~1\Temp\olvtg 0lf.0.vb" is denied.
>
> TargetSite: Void WinIOError(Int32, System.String)
>
> HelpLink: NULL
>
> Source: mscorlib
>
>
>
> StackTrace Information
>
> *********************************************
>
> at System.IO.__Error.WinIOError(Int32 errorCode, String str)
>
> at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess
> access, FileShare share, Int32 bufferSize, Boolean useAsync, StringSystem.CodeDom.Compiler.CodeCompiler.System.CodeDo m.Compiler.ICodeCompiler.C> Boolean bFromProxy)
>
> at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess
> access, FileShare share)
>
> at System.CodeDom.Compiler.CodeCompiler.FromDomBatch( CompilerParameters
> options, CodeCompileUnit[] ea)
>
> at System.CodeDom.Compiler.CodeCompiler.FromDom(Compi lerParameters
> options, CodeCompileUnit e)
>
> at
>file,> ompileAssemblyFromDom(CompilerParameters options, CodeCompileUnit e)
>
> at System.Xml.Xsl.Compiler.CompileAssembly(ScriptingL anguage lang,
> Hashtable typeDecls, String nsName, Evidence evidence)
>
> at System.Xml.Xsl.Compiler.CompileScript(Evidence evidence)
>
> at System.Xml.Xsl.Compiler.Compile(NavigatorInput input, XmlResolver
> xmlResolver, Evidence evidence)
>
> at System.Xml.Xsl.XslTransform.Compile(XPathNavigator stylesheet,
> XmlResolver resolver, Evidence evidence)
>
> at System.Xml.Xsl.XslTransform.Load(String url, XmlResolver resolver)
>
> at System.Xml.Xsl.XslTransform.Load(String url)
>
> at UI.Sitemap.PortalSiteMap.TransformXML()
>
>
>
> Here is what the code is doing.simply trying to load an XSL file
>
>
>
> Dim resultsXSLT As New Xsl.XslTransform()
>
> Dim xslFile As new String = "somexslfile..xsl"
>
> resultsXSLT.Load(xslFile) ß Exception Occurs Here
>
>
>
> The xsl file has imbedded within it VBScript.
>
>
>
>
> My theory on what is causing the error.
>
>
>
> Since the application code is loading the XSLdoing> which contains VBScript, I think the CLR is trying to JIT compile the code
> at runtime, and since Impersonate=True, isthe> this under the security context of the end user. This user does not have
> access rights to the c:\documents and Setting. directory
> listed above. When we turn Impersonate off everything works because the
> security context is now ASPNET and for version 1.1 of the
> frameworks this account was granted full control of the above mentioned
> directory (see link below). The reason I think the CLR is trying to JITcounters> VBScript is when we did some testing I noticed the CLR JIT perfmonway> being incremented when traversing thru this code.
>
>
>
> Here is a link to an identical problem (bet he had impersonate=true):
>
> [url]http://www.dotnet247.com/247reference/msgs/46/231289.aspx[/url]
>
>
>
> Not the same situation but does talk about impersonate=true and the
> Documents and Settings Folder:
>
> [url]http://support.microsoft.com/default.aspx?scid=kb;en-us;827190[/url]
>
>
>
> Question:
>
>
>
> Can anyone confirm my theory and more importantly is there aand> to configure the location of the temp files used for JIT compiles? I'd
> rather not have to grant our end users full control to the C:\documents> settings. folder when Impersonate=true is set.
>
>
Andrea D'Onofrio [MSFT] Guest
-
Web Service + Anon Access, but getting 401 Access Denied Error
I have a simple webservice that just returns a string. The security for this is set to windows authentication in IIS (XP Professional) and anonymous... -
Impersonate, Windows Authentication and Database Access
Hi everyone, I am having problems in my Intranet web site. I recently changed the authentication mode from forms to windows. I turned "OFF" the... -
DirectoryEntry Impersonate or WindowsIdentity Impersonate?
Another security question. Our project interfaces with the Active Directory. To satisfy the security issues, we have a couple options when we talk... -
Access denied when creating Access application object
In an ASP file I am running the following in VBScript in order to extract data from an Access 2002 MDB file which is physically located in the... -
<identity impersonate> and NETWORK ACCESS DB-HELP
Hi folks. got a problem: i want to connect to an access db which is located on a network drive (seperate server). The server's name, where the... -
yadman #2 Re: Access Denied w/Impersonate=true
Thanks for the reply.
I agree, this is a potential solution, however, our company does not allow
ANYONE access (not even read) to the C: drive. Is there was a way to
configure the temp folder (and drive) that would be best. Is that possible?
"Andrea D'Onofrio [MSFT]" <andreado@online.microsoft.com> wrote in message
news:u2pEqJzQEHA.964@TK2MSFTNGP10.phx.gbl...user> The error says that the user doesn't have permission to access to the temp
> folder. Using impersonate=true the user identity is the identity of thethe> that opens the browser.
> Please, check this article
> [url]http://support.microsoft.com/default.aspx?kbid=317012#4[/url] in order to check
> the permission needed.
> Probably you may solve your problem setting for Everyone Full control onrights.> Temp folder.
>
> HtH,
> --
> This posting is provided "AS IS" with no warranties, and confers noSystem.CodeDom.Compiler.CodeCompiler.FromDomBatch( CompilerParameters>
> "Rich Yadach" <ryadach@travelers.com> wrote in message
> news:u0delWoQEHA.1160@TK2MSFTNGP09.phx.gbl...> web.config> > Does anyone have any ideas or comments on this?
> >
> >
> >
> > The problem seems to stem from having Impersonate=True set in our> msgPath,> > files (Version 1.1).
> >
> >
> >
> > Here is the error we encountered .
> >
> >
> >
> > The actual filename changes every time you try to load the page:
> >
> > An error has occurred: Access to the path
> > "C:\DOCUME~1\servername\ASPNET\LOCALS~1\Temp\olvtg 0lf.0.vb" is denied.
> >
> >
> >
> > This is what I grabbed from the server's event viewer:
> >
> > 1) Exception Information
> >
> > *********************************************
> >
> > Exception Type: System.UnauthorizedAccessException
> >
> > Message: Access to the path
> > "C:\DOCUME~1\servername\ASPNET\LOCALS~1\Temp\olvtg 0lf.0.vb" is denied.
> >
> > TargetSite: Void WinIOError(Int32, System.String)
> >
> > HelpLink: NULL
> >
> > Source: mscorlib
> >
> >
> >
> > StackTrace Information
> >
> > *********************************************
> >
> > at System.IO.__Error.WinIOError(Int32 errorCode, String str)
> >
> > at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess
> > access, FileShare share, Int32 bufferSize, Boolean useAsync, String> > Boolean bFromProxy)
> >
> > at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess
> > access, FileShare share)
> >
> > atSystem.CodeDom.Compiler.CodeCompiler.System.CodeDo m.Compiler.ICodeCompiler.C>> > options, CodeCompileUnit[] ea)
> >
> > at System.CodeDom.Compiler.CodeCompiler.FromDom(Compi lerParameters
> > options, CodeCompileUnit e)
> >
> > at
> >code> file,> > ompileAssemblyFromDom(CompilerParameters options, CodeCompileUnit e)
> >
> > at System.Xml.Xsl.Compiler.CompileAssembly(ScriptingL anguage lang,
> > Hashtable typeDecls, String nsName, Evidence evidence)
> >
> > at System.Xml.Xsl.Compiler.CompileScript(Evidence evidence)
> >
> > at System.Xml.Xsl.Compiler.Compile(NavigatorInput input, XmlResolver
> > xmlResolver, Evidence evidence)
> >
> > at System.Xml.Xsl.XslTransform.Compile(XPathNavigator stylesheet,
> > XmlResolver resolver, Evidence evidence)
> >
> > at System.Xml.Xsl.XslTransform.Load(String url, XmlResolver resolver)
> >
> > at System.Xml.Xsl.XslTransform.Load(String url)
> >
> > at UI.Sitemap.PortalSiteMap.TransformXML()
> >
> >
> >
> > Here is what the code is doing.simply trying to load an XSL file
> >
> >
> >
> > Dim resultsXSLT As New Xsl.XslTransform()
> >
> > Dim xslFile As new String = "somexslfile..xsl"
> >
> > resultsXSLT.Load(xslFile) ß Exception Occurs Here
> >
> >
> >
> > The xsl file has imbedded within it VBScript.
> >
> >
> >
> >
> > My theory on what is causing the error.
> >
> >
> >
> > Since the application code is loading the XSL> > which contains VBScript, I think the CLR is trying to JIT compile thehave> doing> > at runtime, and since Impersonate=True, is> > this under the security context of the end user. This user does not> the> > access rights to the c:\documents and Setting. directory
> > listed above. When we turn Impersonate off everything works because the
> > security context is now ASPNET and for version 1.1 of the
> > frameworks this account was granted full control of the above mentioned
> > directory (see link below). The reason I think the CLR is trying to JIT> counters> > VBScript is when we did some testing I noticed the CLR JIT perfmon> way> > being incremented when traversing thru this code.
> >
> >
> >
> > Here is a link to an identical problem (bet he had impersonate=true):
> >
> > [url]http://www.dotnet247.com/247reference/msgs/46/231289.aspx[/url]
> >
> >
> >
> > Not the same situation but does talk about impersonate=true and the
> > Documents and Settings Folder:
> >
> > [url]http://support.microsoft.com/default.aspx?scid=kb;en-us;827190[/url]
> >
> >
> >
> > Question:
> >
> >
> >
> > Can anyone confirm my theory and more importantly is there a> and> > to configure the location of the temp files used for JIT compiles? I'd
> > rather not have to grant our end users full control to the C:\documents>> > settings. folder when Impersonate=true is set.
> >
> >
>
yadman Guest
-
Raymond Lewallen #3 Re: Access Denied w/Impersonate=true
Is giving Everyone Full Control a sound solution? Isn't this bypassing
pinning down the appropriate permission settings and setting access rights
appropriately?
"Andrea D'Onofrio [MSFT]" <andreado@online.microsoft.com> wrote in message
news:u2pEqJzQEHA.964@TK2MSFTNGP10.phx.gbl...user> The error says that the user doesn't have permission to access to the temp
> folder. Using impersonate=true the user identity is the identity of thethe> that opens the browser.
> Please, check this article
> [url]http://support.microsoft.com/default.aspx?kbid=317012#4[/url] in order to check
> the permission needed.
> Probably you may solve your problem setting for Everyone Full control onrights.> Temp folder.
>
> HtH,
> --
> This posting is provided "AS IS" with no warranties, and confers noSystem.CodeDom.Compiler.CodeCompiler.FromDomBatch( CompilerParameters>
> "Rich Yadach" <ryadach@travelers.com> wrote in message
> news:u0delWoQEHA.1160@TK2MSFTNGP09.phx.gbl...> web.config> > Does anyone have any ideas or comments on this?
> >
> >
> >
> > The problem seems to stem from having Impersonate=True set in our> msgPath,> > files (Version 1.1).
> >
> >
> >
> > Here is the error we encountered .
> >
> >
> >
> > The actual filename changes every time you try to load the page:
> >
> > An error has occurred: Access to the path
> > "C:\DOCUME~1\servername\ASPNET\LOCALS~1\Temp\olvtg 0lf.0.vb" is denied.
> >
> >
> >
> > This is what I grabbed from the server's event viewer:
> >
> > 1) Exception Information
> >
> > *********************************************
> >
> > Exception Type: System.UnauthorizedAccessException
> >
> > Message: Access to the path
> > "C:\DOCUME~1\servername\ASPNET\LOCALS~1\Temp\olvtg 0lf.0.vb" is denied.
> >
> > TargetSite: Void WinIOError(Int32, System.String)
> >
> > HelpLink: NULL
> >
> > Source: mscorlib
> >
> >
> >
> > StackTrace Information
> >
> > *********************************************
> >
> > at System.IO.__Error.WinIOError(Int32 errorCode, String str)
> >
> > at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess
> > access, FileShare share, Int32 bufferSize, Boolean useAsync, String> > Boolean bFromProxy)
> >
> > at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess
> > access, FileShare share)
> >
> > atSystem.CodeDom.Compiler.CodeCompiler.System.CodeDo m.Compiler.ICodeCompiler.C>> > options, CodeCompileUnit[] ea)
> >
> > at System.CodeDom.Compiler.CodeCompiler.FromDom(Compi lerParameters
> > options, CodeCompileUnit e)
> >
> > at
> >code> file,> > ompileAssemblyFromDom(CompilerParameters options, CodeCompileUnit e)
> >
> > at System.Xml.Xsl.Compiler.CompileAssembly(ScriptingL anguage lang,
> > Hashtable typeDecls, String nsName, Evidence evidence)
> >
> > at System.Xml.Xsl.Compiler.CompileScript(Evidence evidence)
> >
> > at System.Xml.Xsl.Compiler.Compile(NavigatorInput input, XmlResolver
> > xmlResolver, Evidence evidence)
> >
> > at System.Xml.Xsl.XslTransform.Compile(XPathNavigator stylesheet,
> > XmlResolver resolver, Evidence evidence)
> >
> > at System.Xml.Xsl.XslTransform.Load(String url, XmlResolver resolver)
> >
> > at System.Xml.Xsl.XslTransform.Load(String url)
> >
> > at UI.Sitemap.PortalSiteMap.TransformXML()
> >
> >
> >
> > Here is what the code is doing.simply trying to load an XSL file
> >
> >
> >
> > Dim resultsXSLT As New Xsl.XslTransform()
> >
> > Dim xslFile As new String = "somexslfile..xsl"
> >
> > resultsXSLT.Load(xslFile) ß Exception Occurs Here
> >
> >
> >
> > The xsl file has imbedded within it VBScript.
> >
> >
> >
> >
> > My theory on what is causing the error.
> >
> >
> >
> > Since the application code is loading the XSL> > which contains VBScript, I think the CLR is trying to JIT compile thehave> doing> > at runtime, and since Impersonate=True, is> > this under the security context of the end user. This user does not> the> > access rights to the c:\documents and Setting. directory
> > listed above. When we turn Impersonate off everything works because the
> > security context is now ASPNET and for version 1.1 of the
> > frameworks this account was granted full control of the above mentioned
> > directory (see link below). The reason I think the CLR is trying to JIT> counters> > VBScript is when we did some testing I noticed the CLR JIT perfmon> way> > being incremented when traversing thru this code.
> >
> >
> >
> > Here is a link to an identical problem (bet he had impersonate=true):
> >
> > [url]http://www.dotnet247.com/247reference/msgs/46/231289.aspx[/url]
> >
> >
> >
> > Not the same situation but does talk about impersonate=true and the
> > Documents and Settings Folder:
> >
> > [url]http://support.microsoft.com/default.aspx?scid=kb;en-us;827190[/url]
> >
> >
> >
> > Question:
> >
> >
> >
> > Can anyone confirm my theory and more importantly is there a> and> > to configure the location of the temp files used for JIT compiles? I'd
> > rather not have to grant our end users full control to the C:\documents>> > settings. folder when Impersonate=true is set.
> >
> >
>
Raymond Lewallen Guest
-
Andrea D'Onofrio [MSFT] #4 Re: Access Denied w/Impersonate=true
I'm sorry but I didn't mean use MUST use Everyone full control to to solve
your issue.
The best things to do is to set the appropriate permission settings, this is
because I've sent the article link: specifically for the temp folder you
must have the read/write access for the process account. This is
configuration dependent: the default is aspnet, but if you use impersonation
and Windows Integrated/Basic/Digest Authentication all the requester users
MUST have this grant. In this this case you can create a domain group and
grant the read/write access to this group.
If you use the Anonymous authentication you must grant the read/write access
to this account configured in IIS (default is IUSR_MachineName).
HtH,
Andrea
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"Raymond Lewallen" <Raymond.CTR.Lewallen@nospam.faa.gov> wrote in message
news:%23opfwx0QEHA.3616@TK2MSFTNGP09.phx.gbl...temp> Is giving Everyone Full Control a sound solution? Isn't this bypassing
> pinning down the appropriate permission settings and setting access rights
> appropriately?
>
> "Andrea D'Onofrio [MSFT]" <andreado@online.microsoft.com> wrote in message
> news:u2pEqJzQEHA.964@TK2MSFTNGP10.phx.gbl...> > The error says that the user doesn't have permission to access to thecheck> user> > folder. Using impersonate=true the user identity is the identity of the> > that opens the browser.
> > Please, check this article
> > [url]http://support.microsoft.com/default.aspx?kbid=317012#4[/url] in order toFileAccess> the> > the permission needed.
> > Probably you may solve your problem setting for Everyone Full control on> rights.> > Temp folder.
> >
> > HtH,
> > --
> > This posting is provided "AS IS" with no warranties, and confers no> >
> > "Rich Yadach" <ryadach@travelers.com> wrote in message
> > news:u0delWoQEHA.1160@TK2MSFTNGP09.phx.gbl...> > web.config> > > Does anyone have any ideas or comments on this?
> > >
> > >
> > >
> > > The problem seems to stem from having Impersonate=True set in our> > > files (Version 1.1).
> > >
> > >
> > >
> > > Here is the error we encountered .
> > >
> > >
> > >
> > > The actual filename changes every time you try to load the page:
> > >
> > > An error has occurred: Access to the path
> > > "C:\DOCUME~1\servername\ASPNET\LOCALS~1\Temp\olvtg 0lf.0.vb" is denied.
> > >
> > >
> > >
> > > This is what I grabbed from the server's event viewer:
> > >
> > > 1) Exception Information
> > >
> > > *********************************************
> > >
> > > Exception Type: System.UnauthorizedAccessException
> > >
> > > Message: Access to the path
> > > "C:\DOCUME~1\servername\ASPNET\LOCALS~1\Temp\olvtg 0lf.0.vb" is denied.
> > >
> > > TargetSite: Void WinIOError(Int32, System.String)
> > >
> > > HelpLink: NULL
> > >
> > > Source: mscorlib
> > >
> > >
> > >
> > > StackTrace Information
> > >
> > > *********************************************
> > >
> > > at System.IO.__Error.WinIOError(Int32 errorCode, String str)
> > >
> > > at System.IO.FileStream..ctor(String path, FileMode mode,FileAccess> > msgPath,> > > access, FileShare share, Int32 bufferSize, Boolean useAsync, String> > > Boolean bFromProxy)
> > >
> > > at System.IO.FileStream..ctor(String path, FileMode mode,System.CodeDom.Compiler.CodeCompiler.System.CodeDo m.Compiler.ICodeCompiler.C> System.CodeDom.Compiler.CodeCompiler.FromDomBatch( CompilerParameters> > > access, FileShare share)
> > >
> > > at>> >> > > options, CodeCompileUnit[] ea)
> > >
> > > at System.CodeDom.Compiler.CodeCompiler.FromDom(Compi lerParameters
> > > options, CodeCompileUnit e)
> > >
> > > at
> > >XmlResolver> > > ompileAssemblyFromDom(CompilerParameters options, CodeCompileUnit e)
> > >
> > > at System.Xml.Xsl.Compiler.CompileAssembly(ScriptingL anguage lang,
> > > Hashtable typeDecls, String nsName, Evidence evidence)
> > >
> > > at System.Xml.Xsl.Compiler.CompileScript(Evidence evidence)
> > >
> > > at System.Xml.Xsl.Compiler.Compile(NavigatorInput input,resolver)> > > xmlResolver, Evidence evidence)
> > >
> > > at System.Xml.Xsl.XslTransform.Compile(XPathNavigator stylesheet,
> > > XmlResolver resolver, Evidence evidence)
> > >
> > > at System.Xml.Xsl.XslTransform.Load(String url, XmlResolverdirectory> code> > file,> > >
> > > at System.Xml.Xsl.XslTransform.Load(String url)
> > >
> > > at UI.Sitemap.PortalSiteMap.TransformXML()
> > >
> > >
> > >
> > > Here is what the code is doing.simply trying to load an XSL file
> > >
> > >
> > >
> > > Dim resultsXSLT As New Xsl.XslTransform()
> > >
> > > Dim xslFile As new String = "somexslfile..xsl"
> > >
> > > resultsXSLT.Load(xslFile) ß Exception Occurs Here
> > >
> > >
> > >
> > > The xsl file has imbedded within it VBScript.
> > >
> > >
> > >
> > >
> > > My theory on what is causing the error.
> > >
> > >
> > >
> > > Since the application code is loading the XSL> > > which contains VBScript, I think the CLR is trying to JIT compile the> have> > doing> > > at runtime, and since Impersonate=True, is> > > this under the security context of the end user. This user does not> > > access rights to the c:\documents and Setting.the> > > listed above. When we turn Impersonate off everything works becausementioned> > > security context is now ASPNET and for version 1.1 of the
> > > frameworks this account was granted full control of the aboveJIT> > > directory (see link below). The reason I think the CLR is trying toa> > the> > counters> > > VBScript is when we did some testing I noticed the CLR JIT perfmon> > > being incremented when traversing thru this code.
> > >
> > >
> > >
> > > Here is a link to an identical problem (bet he had impersonate=true):
> > >
> > > [url]http://www.dotnet247.com/247reference/msgs/46/231289.aspx[/url]
> > >
> > >
> > >
> > > Not the same situation but does talk about impersonate=true and the
> > > Documents and Settings Folder:
> > >
> > > [url]http://support.microsoft.com/default.aspx?scid=kb;en-us;827190[/url]
> > >
> > >
> > >
> > > Question:
> > >
> > >
> > >
> > > Can anyone confirm my theory and more importantly is thereI'd> > way> > > to configure the location of the temp files used for JIT compiles?C:\documents> > > rather not have to grant our end users full control to the>> > and> >> > > settings. folder when Impersonate=true is set.
> > >
> > >
> >
>
Andrea D'Onofrio [MSFT] Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
