Ask a Question related to Macromedia Contribute General Discussion, Design and Development.
-
Otis #1
File permissions
I have files located on an old HD that are encrypted.
When I reinstalled XP I no longer have access to these
files. I can see them but not access them. Does anyone
know how to view my files again?
Otis Guest
-
file permissions - ack!
Hello. This is driving me a little nuts.... Cannot create, write to or unlink any files using PHP. Can open and close files within my web space... -
PHP file permissions?
I've made a copy of a log file and tried to display it through a php file, but nothing comes up. I know passthru command works because I can run it... -
Setting the file permissions of a file I'm writing to
Is it possible to specify the permissions of a file I create when I: open ("FOO", "> ./bar") or die ("Could not create file"); Thanks in... -
FTP file permissions
whenever a user uses FTP to transfer a file to the UNIX box, that file always gets 640 permissions. I want those files to get 666 permissions. How... -
how do you deal with file permissions?
I have some problems with files, like alert_sid.log, it is owned by oracle:dba, I'm a member of dba group, but I can't modiy or delete alert file... -
Miha Pihler #2 Re: File permissions
Is your PC part of a domain? If yes ask your domain administrator for help
(he MIGHT be able to help you).
If your PC is not part of a domain and you haven't exported EFS certificate
with which you encrypted your files, they are unfortunately as good as gone.
Mike
"Otis" <otis@enterneti.com> wrote in message
news:028301c34bdd$31cd2750$a601280a@phx.gbl...> I have files located on an old HD that are encrypted.
> When I reinstalled XP I no longer have access to these
> files. I can see them but not access them. Does anyone
> know how to view my files again?
Miha Pihler Guest
-
James Martin #3 file permissions
I have a W2K server, running IIS 6 and Active Directory
Services. I have an ASP.Net application off the root web
directory named "Apps". Within the IIS Manager I have the
Authentication method set to "Anonymous Access" as well
as "Authenticated Access" using "Integrated Windows
Authentication" for both the root web and the "Apps" sub-
directory. All files and directories under the "Apps"
folder are set in this manner.
The web config file is set to use "Windows" for
Authentication and "*" for Authorization.
Using Explorer I have changed the permissions for one file
in the "Apps" directory. For this file, let's call
it "myfile.aspx", I have removed the "Everyone" group. The
permissions for this file are as follows:
Creator Owner - Full Control
System - Full Control
mydomain\Administrators - Full Control
mydomain\MyGroup - Read, Read/Execute
If I attempt to access any file on this web via a web
browser it works as it should with the exception of this
single file, "myfile.aspx". When attempting to access this
file it will ask for a username/password/domain and will
not accept anyone, including anyone from
the "Administrators" or "MyGroup" groups.
The error I get in the browser is:
Server Error in '/Apps' Application.
-----------------------------------------------------------
---------------------
Access is denied.
Description: An error occurred while accessing the
resources required to serve this request. You might not
have permission to view the requested resources.
Error message 401.3: You do not have permission to view
this directory or page using the credentials you supplied
(access denied due to ACLs). Ask the Web server's
administrator to give you access
to 'c:\inetpub\wwwroot\apps\myfile.aspx'.
-----------------------------------------------------------
---------------------
Version Information: Microsoft .NET Framework
Version:1.1.4322.573; ASP.NET Version:1.1.4322.573
This is the same basic configuration I use on other web
servers for security and have not had this problem before.
I have another server within this domain that is
configured in the same manner that works although it is
not an ASP.Net application. I have tried this from systems
logged into the domain and from systems not logged into
the domain with the same results.
James Martin Guest
-
Jim Cheshire [MSFT] #4 RE: file permissions
James,
In the scenario you describe, you will need to give the aspnet_wp.exe
process account access or make it a member of your group. By default, this
would be the ASPNET account.
You can also enable impersonation and deny unauthenticated users so that
you get the identity of the user actually browsing the site.
Jim Cheshire [MSFT]
Developer Support
ASP.NET
[email]jamesche@online.microsoft.com[/email]
This post is provided as-is with no warranties and confers no rights.
--------------------microsoft.public.dotnet.framework.aspnet.security: 7186>Content-Class: urn:content-classes:message
>From: "James Martin" <anonymous@discussions.microsoft.com>
>Sender: "James Martin" <anonymous@discussions.microsoft.com>
>Subject: file permissions
>Date: Wed, 15 Oct 2003 09:21:31 -0700
>Lines: 58
>Message-ID: <037001c39338$6513bd70$a101280a@phx.gbl>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="iso-8859-1"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>Thread-Index: AcOTOGUTgn87zP1oTlWgylW3LfDTgQ==
>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>Path: cpmsftngxa06.phx.gbl
>Xref: cpmsftngxa06.phx.gbl>NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
>
>I have a W2K server, running IIS 6 and Active Directory
>Services. I have an ASP.Net application off the root web
>directory named "Apps". Within the IIS Manager I have the
>Authentication method set to "Anonymous Access" as well
>as "Authenticated Access" using "Integrated Windows
>Authentication" for both the root web and the "Apps" sub-
>directory. All files and directories under the "Apps"
>folder are set in this manner.
>
>The web config file is set to use "Windows" for
>Authentication and "*" for Authorization.
>
>Using Explorer I have changed the permissions for one file
>in the "Apps" directory. For this file, let's call
>it "myfile.aspx", I have removed the "Everyone" group. The
>permissions for this file are as follows:
>
>Creator Owner - Full Control
>System - Full Control
>mydomain\Administrators - Full Control
>mydomain\MyGroup - Read, Read/Execute
>
>If I attempt to access any file on this web via a web
>browser it works as it should with the exception of this
>single file, "myfile.aspx". When attempting to access this
>file it will ask for a username/password/domain and will
>not accept anyone, including anyone from
>the "Administrators" or "MyGroup" groups.
>The error I get in the browser is:
>
>Server Error in '/Apps' Application.
>-----------------------------------------------------------
>---------------------
>
>Access is denied.
>Description: An error occurred while accessing the
>resources required to serve this request. You might not
>have permission to view the requested resources.
>
>Error message 401.3: You do not have permission to view
>this directory or page using the credentials you supplied
>(access denied due to ACLs). Ask the Web server's
>administrator to give you access
>to 'c:\inetpub\wwwroot\apps\myfile.aspx'.
>
>
>-----------------------------------------------------------
>---------------------
>Version Information: Microsoft .NET Framework
>Version:1.1.4322.573; ASP.NET Version:1.1.4322.573
>
>This is the same basic configuration I use on other web
>servers for security and have not had this problem before.
>I have another server within this domain that is
>configured in the same manner that works although it is
>not an ASP.Net application. I have tried this from systems
>logged into the domain and from systems not logged into
>the domain with the same results.
>Jim Cheshire [MSFT] Guest
-
James Martin #5 RE: file permissions
Okay in web.config I have :
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
<identity impersonate="true" userName="" password=""/>
I added mydomain\ASPNET to the ACL.
When I attempt to access the page I am NO LONGER prompted
for a username/password/domain and the web page returned
reports the following:
Server Error in '/Apps' Application.
-----------------------------------------------------------
---------------------
Access is denied.
Description: An unhandled exception occurred during the
execution of the current web request. Please review the
stack trace for more information about the error and where
it originated in the code.
Exception Details: System.ApplicationException: Access is
denied.
Source Error:
An unhandled exception was generated during the execution
of the current web request. Information regarding the
origin and location of the exception can be identified
using the exception stack trace below.
Stack Trace:
[ApplicationException: Access is denied.
]
System.Security.Principal.WindowsIdentity._Resolve Identity
(IntPtr userToken) +0
System.Security.Principal.WindowsIdentity.get_Name () +71
System.Web.Configuration.AuthorizationConfigRule.I sUserAllo
wed(IPrincipal user, String verb) +100
System.Web.Configuration.AuthorizationConfig.IsUse rAllowed
(IPrincipal user, String verb) +81
System.Web.Security.UrlAuthorizationModule.OnEnter
(Object source, EventArgs eventArgs) +178
System.Web.SyncEventExecutionStep.System.Web.HttpA pplicatio
n+IExecutionStep.Execute() +60
System.Web.HttpApplication.ExecuteStep(IExecutionS tep
step, Boolean& completedSynchronously) +87
aspnet_wp.exe>-----Original Message-----
>James,
>
>In the scenario you describe, you will need to give thegroup. By default, this>process account access or make it a member of yourunauthenticated users so that>would be the ASPNET account.
>
>You can also enable impersonation and denysite.>you get the identity of the user actually browsing theconfers no rights.>
>Jim Cheshire [MSFT]
>Developer Support
>ASP.NET
>jamesche@online.microsoft.com
>
>This post is provided as-is with no warranties and<anonymous@discussions.microsoft.com>>
>-------------------->>Content-Class: urn:content-classes:message
>>From: "James Martin"<anonymous@discussions.microsoft.com>>>Sender: "James Martin"microsoft.public.dotnet.framework.aspnet.security>>Subject: file permissions
>>Date: Wed, 15 Oct 2003 09:21:31 -0700
>>Lines: 58
>>Message-ID: <037001c39338$6513bd70$a101280a@phx.gbl>
>>MIME-Version: 1.0
>>Content-Type: text/plain;
>> charset="iso-8859-1"
>>Content-Transfer-Encoding: 7bit
>>X-Newsreader: Microsoft CDO for Windows 2000
>>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>>Thread-Index: AcOTOGUTgn87zP1oTlWgylW3LfDTgQ==
>>Newsgroups:microsoft.public.dotnet.framework.aspnet.security>microsoft.public.dotnet.framework.aspnet.security :7186>>Path: cpmsftngxa06.phx.gbl
>>Xref: cpmsftngxa06.phx.gbl>>NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
>>X-Tomcat-NG:the>>
>>I have a W2K server, running IIS 6 and Active Directory
>>Services. I have an ASP.Net application off the root web
>>directory named "Apps". Within the IIS Manager I havefile>>Authentication method set to "Anonymous Access" as well
>>as "Authenticated Access" using "Integrated Windows
>>Authentication" for both the root web and the "Apps" sub-
>>directory. All files and directories under the "Apps"
>>folder are set in this manner.
>>
>>The web config file is set to use "Windows" for
>>Authentication and "*" for Authorization.
>>
>>Using Explorer I have changed the permissions for oneThe>>in the "Apps" directory. For this file, let's call
>>it "myfile.aspx", I have removed the "Everyone" group.this>>permissions for this file are as follows:
>>
>>Creator Owner - Full Control
>>System - Full Control
>>mydomain\Administrators - Full Control
>>mydomain\MyGroup - Read, Read/Execute
>>
>>If I attempt to access any file on this web via a web
>>browser it works as it should with the exception of this
>>single file, "myfile.aspx". When attempting to access-->>file it will ask for a username/password/domain and will
>>not accept anyone, including anyone from
>>the "Administrators" or "MyGroup" groups.
>>The error I get in the browser is:
>>
>>Server Error in '/Apps' Application.
>>---------------------------------------------------------supplied>>---------------------
>>
>>Access is denied.
>>Description: An error occurred while accessing the
>>resources required to serve this request. You might not
>>have permission to view the requested resources.
>>
>>Error message 401.3: You do not have permission to view
>>this directory or page using the credentials you-->>(access denied due to ACLs). Ask the Web server's
>>administrator to give you access
>>to 'c:\inetpub\wwwroot\apps\myfile.aspx'.
>>
>>
>>---------------------------------------------------------before.>>---------------------
>>Version Information: Microsoft .NET Framework
>>Version:1.1.4322.573; ASP.NET Version:1.1.4322.573
>>
>>This is the same basic configuration I use on other web
>>servers for security and have not had this problemsystems>>I have another server within this domain that is
>>configured in the same manner that works although it is
>>not an ASP.Net application. I have tried this from>>>logged into the domain and from systems not logged into
>>the domain with the same results.
>>
>.
>James Martin Guest
-
Jim Cheshire [MSFT] #6 RE: file permissions
James,
This is definitely a permissions issue. The easiest way to troubleshoot
these issues it to use Filemon from [url]www.sysinternals.com[/url]. You can get a
log of the request and look for an ACCDENIED. The new version will tell
you what the user account is that is being denied access and where they are
being denied.
Jim Cheshire [MSFT]
Developer Support
ASP.NET
[email]jamesche@online.microsoft.com[/email]
This post is provided as-is with no warranties and confers no rights.
--------------------<web8eg1kDHA.688@cpmsftngxa06.phx.gbl>>Content-Class: urn:content-classes:message
>From: "James Martin" <anonymous@discussions.microsoft.com>
>Sender: "James Martin" <anonymous@discussions.microsoft.com>
>References: <037001c39338$6513bd70$a101280a@phx.gbl>microsoft.public.dotnet.framework.aspnet.security: 7196>Subject: RE: file permissions
>Date: Wed, 15 Oct 2003 16:55:18 -0700
>Lines: 179
>Message-ID: <0a9601c39377$c94fd730$a101280a@phx.gbl>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="iso-8859-1"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>Thread-Index: AcOTd8lNFW+h1BH6S7y6nZmtQUdOYg==
>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>Path: cpmsftngxa06.phx.gbl
>Xref: cpmsftngxa06.phx.gbl>NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
>
>Okay in web.config I have :
>
><authentication mode="Windows" />
><authorization>
> <deny users="?" />
></authorization>
><identity impersonate="true" userName="" password=""/>
>
>
>I added mydomain\ASPNET to the ACL.
>
>When I attempt to access the page I am NO LONGER prompted
>for a username/password/domain and the web page returned
>reports the following:
>
>Server Error in '/Apps' Application.
>-----------------------------------------------------------
>---------------------
>
>Access is denied.
>Description: An unhandled exception occurred during the
>execution of the current web request. Please review the
>stack trace for more information about the error and where
>it originated in the code.
>
>Exception Details: System.ApplicationException: Access is
>denied.
>
>Source Error:
>
>An unhandled exception was generated during the execution
>of the current web request. Information regarding the
>origin and location of the exception can be identified
>using the exception stack trace below.
>
>Stack Trace:
>
>
>[ApplicationException: Access is denied.
>]
>
>System.Security.Principal.WindowsIdentity._Resolv eIdentity
>(IntPtr userToken) +0
> System.Security.Principal.WindowsIdentity.get_Name () +71
>
>System.Web.Configuration.AuthorizationConfigRule. IsUserAllo
>wed(IPrincipal user, String verb) +100
>
>System.Web.Configuration.AuthorizationConfig.IsUs erAllowed
>(IPrincipal user, String verb) +81
> System.Web.Security.UrlAuthorizationModule.OnEnter
>(Object source, EventArgs eventArgs) +178
>
>System.Web.SyncEventExecutionStep.System.Web.Http Applicatio
>n+IExecutionStep.Execute() +60
> System.Web.HttpApplication.ExecuteStep(IExecutionS tep
>step, Boolean& completedSynchronously) +87
>
>
>>aspnet_wp.exe>>-----Original Message-----
>>James,
>>
>>In the scenario you describe, you will need to give the>group. By default, this>>process account access or make it a member of your>unauthenticated users so that>>would be the ASPNET account.
>>
>>You can also enable impersonation and deny>site.>>you get the identity of the user actually browsing the>confers no rights.>>
>>Jim Cheshire [MSFT]
>>Developer Support
>>ASP.NET
>>jamesche@online.microsoft.com
>>
>>This post is provided as-is with no warranties and><anonymous@discussions.microsoft.com>>>
>>-------------------->>>Content-Class: urn:content-classes:message
>>>From: "James Martin"><anonymous@discussions.microsoft.com>>>>Sender: "James Martin">microsoft.public.dotnet.framework.aspnet.securi ty>>>Subject: file permissions
>>>Date: Wed, 15 Oct 2003 09:21:31 -0700
>>>Lines: 58
>>>Message-ID: <037001c39338$6513bd70$a101280a@phx.gbl>
>>>MIME-Version: 1.0
>>>Content-Type: text/plain;
>>> charset="iso-8859-1"
>>>Content-Transfer-Encoding: 7bit
>>>X-Newsreader: Microsoft CDO for Windows 2000
>>>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>>>Thread-Index: AcOTOGUTgn87zP1oTlWgylW3LfDTgQ==
>>>Newsgroups:>microsoft.public.dotnet.framework.aspnet.securi ty>>microsoft.public.dotnet.framework.aspnet.securit y:7186>>>Path: cpmsftngxa06.phx.gbl
>>>Xref: cpmsftngxa06.phx.gbl>>>NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
>>>X-Tomcat-NG:>the>>>
>>>I have a W2K server, running IIS 6 and Active Directory
>>>Services. I have an ASP.Net application off the root web
>>>directory named "Apps". Within the IIS Manager I have>file>>>Authentication method set to "Anonymous Access" as well
>>>as "Authenticated Access" using "Integrated Windows
>>>Authentication" for both the root web and the "Apps" sub-
>>>directory. All files and directories under the "Apps"
>>>folder are set in this manner.
>>>
>>>The web config file is set to use "Windows" for
>>>Authentication and "*" for Authorization.
>>>
>>>Using Explorer I have changed the permissions for one>The>>>in the "Apps" directory. For this file, let's call
>>>it "myfile.aspx", I have removed the "Everyone" group.>this>>>permissions for this file are as follows:
>>>
>>>Creator Owner - Full Control
>>>System - Full Control
>>>mydomain\Administrators - Full Control
>>>mydomain\MyGroup - Read, Read/Execute
>>>
>>>If I attempt to access any file on this web via a web
>>>browser it works as it should with the exception of this
>>>single file, "myfile.aspx". When attempting to access>-->>>file it will ask for a username/password/domain and will
>>>not accept anyone, including anyone from
>>>the "Administrators" or "MyGroup" groups.
>>>The error I get in the browser is:
>>>
>>>Server Error in '/Apps' Application.
>>>--------------------------------------------------------->supplied>>>---------------------
>>>
>>>Access is denied.
>>>Description: An error occurred while accessing the
>>>resources required to serve this request. You might not
>>>have permission to view the requested resources.
>>>
>>>Error message 401.3: You do not have permission to view
>>>this directory or page using the credentials you>-->>>(access denied due to ACLs). Ask the Web server's
>>>administrator to give you access
>>>to 'c:\inetpub\wwwroot\apps\myfile.aspx'.
>>>
>>>
>>>--------------------------------------------------------->before.>>>---------------------
>>>Version Information: Microsoft .NET Framework
>>>Version:1.1.4322.573; ASP.NET Version:1.1.4322.573
>>>
>>>This is the same basic configuration I use on other web
>>>servers for security and have not had this problem>systems>>>I have another server within this domain that is
>>>configured in the same manner that works although it is
>>>not an ASP.Net application. I have tried this from>>>>>>logged into the domain and from systems not logged into
>>>the domain with the same results.
>>>
>>.
>>Jim Cheshire [MSFT] Guest
-
James Martin #7 RE: file permissions
Ok here is what I now know based on some pointers from
ZRH. These are the steps I had to take to enable selective
access to files using Windows as the authentication
format. I chose this format because the management of
users and files is already in place and it does not
require yet another username and password combination to
be remembered.
Keep in mind my configuration included a W2K server, IIS
5, and Active Directory services with the web server also
acting as a Domain Controller. So, having said that, to
control access to a file or directory with W2K and IIS5
when accessed via a web browser you must do the following:
In IIS Management Console set the "Authentication" method
to whatever level you prefer. This can be done for the
folder or virtual directory as well as individual files.
In my case I wish to allow some files to be accessed by
everyone so I have enabled both "Anonymous Access" for
this purpose and under "Authenticated Access" I have
enabled "Integrated Windows authentication". This allows
further access control using NTFS file permissions. The
most restrictive permissions will apply.
Enabling "Anonymous Access" will not allow an
unauthenticated user or user without proper credentials to
access a resource for which he has not been given access
rights through NTFS permissions. As a side note my
installation used the IUSR_machinename as the Anonymous
User account and the checkbox was enabled to allow IIS to
manage the password. Close IIS Management Console.
In Windows Explorer right-click on the file or folder that
you wish to change permissions for. Add or remove groups
and users as needed and change permissions for these
groups and users. I have found that the following accounts
must be added regardless of the other settings and have
found documentation that seems to support this:
Creator Owner - Full Control
System - Full Control
domainname\ASPNET - Read, Read/Execute
domainname\IWAM_machinename - Read, Read/Execute
and any other accounts you wish to have access this
resource. Close Windows Explorer.
Once this has been accomplished go to Start-->Program
Files-->Administrative Tools and open the Domain
Controller Security Policy. Once inside the Domain
Controller Security Policy Console go to Windows Settings--Assignments. In the right hand pane double-click>Security Settings-->Local Policies-->User Rights
on "Impersonate a client after authentication". Enable
the "Define these policy settings" checkbox and
click "Add". Click "Browse" then find and select the
account IWAM_machinename and click OK-->OK-->OK. Close the
Domain Controller Security Policy Console.
At a command prompt issue the following command:
secedit /refreshpolicy machine_policy /enforce
then at the command prompt issue the following command:
iisreset
Close the command prompt window. Now we need to modify the
web.config file for the ASP.NET application as follows:
<authentication mode="Windows" />
<authorization>
<allow users="*" /> <!-- This allows all users to access
even if they are outside the domain provided NTFS
permissions allow it and IIS allows "Anonymous Access" -->
</authorization>
<identity impersonate="true"/> <!-- This allows ASP.NET to
impersonate the user requesting a restricted resource
after authentication has taken place. It requires that an
account be specified for the impersonation on the macine
hosting the ASP.NET application -->
Save the file and check for proper operation of the web
site pages you have modified the permissions for. If
anyone notices inaccuracies in document please feel free
to make corrections and thanks again to ZRH.
Here are some external resources I used:
[url]http://support.microsoft.com/default.aspx?scid=kb;EN-[/url]
US;Q815171#4
[url]http://4guysfromrolla.411asp.net/[/url]
[url]http://www.jsiinc.com/SUBN/tip6900/rh6981.htm[/url]
->-----Original Message-----
>Okay in web.config I have :
>
><authentication mode="Windows" />
><authorization>
> <deny users="?" />
></authorization>
><identity impersonate="true" userName="" password=""/>
>
>
>I added mydomain\ASPNET to the ACL.
>
>When I attempt to access the page I am NO LONGER prompted
>for a username/password/domain and the web page returned
>reports the following:
>
>Server Error in '/Apps' Application.
>----------------------------------------------------------where>---------------------
>
>Access is denied.
>Description: An unhandled exception occurred during the
>execution of the current web request. Please review the
>stack trace for more information about the error and+71>it originated in the code.
>
>Exception Details: System.ApplicationException: Access is
>denied.
>
>Source Error:
>
>An unhandled exception was generated during the execution
>of the current web request. Information regarding the
>origin and location of the exception can be identified
>using the exception stack trace below.
>
>Stack Trace:
>
>
>[ApplicationException: Access is denied.
>]
>
>System.Security.Principal.WindowsIdentity._Resolv eIdentity
>(IntPtr userToken) +0
> System.Security.Principal.WindowsIdentity.get_Name ()o>
>System.Web.Configuration.AuthorizationConfigRule. IsUserAllo>wed(IPrincipal user, String verb) +100
>
>System.Web.Configuration.AuthorizationConfig.IsUs erAllowed
>(IPrincipal user, String verb) +81
> System.Web.Security.UrlAuthorizationModule.OnEnter
>(Object source, EventArgs eventArgs) +178
>
>System.Web.SyncEventExecutionStep.System.Web.Http Applicatiweb>n+IExecutionStep.Execute() +60
> System.Web.HttpApplication.ExecuteStep(IExecutionS tep
>step, Boolean& completedSynchronously) +87
>
>
>>aspnet_wp.exe>>-----Original Message-----
>>James,
>>
>>In the scenario you describe, you will need to give the>group. By default, this>>process account access or make it a member of your>unauthenticated users so that>>would be the ASPNET account.
>>
>>You can also enable impersonation and deny>site.>>you get the identity of the user actually browsing the>confers no rights.>>
>>Jim Cheshire [MSFT]
>>Developer Support
>>ASP.NET
>>jamesche@online.microsoft.com
>>
>>This post is provided as-is with no warranties and><anonymous@discussions.microsoft.com>>>
>>-------------------->>>Content-Class: urn:content-classes:message
>>>From: "James Martin"><anonymous@discussions.microsoft.com>>>>Sender: "James Martin">microsoft.public.dotnet.framework.aspnet.securi ty>>>Subject: file permissions
>>>Date: Wed, 15 Oct 2003 09:21:31 -0700
>>>Lines: 58
>>>Message-ID: <037001c39338$6513bd70$a101280a@phx.gbl>
>>>MIME-Version: 1.0
>>>Content-Type: text/plain;
>>> charset="iso-8859-1"
>>>Content-Transfer-Encoding: 7bit
>>>X-Newsreader: Microsoft CDO for Windows 2000
>>>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>>>Thread-Index: AcOTOGUTgn87zP1oTlWgylW3LfDTgQ==
>>>Newsgroups:>microsoft.public.dotnet.framework.aspnet.securi ty>>microsoft.public.dotnet.framework.aspnet.securit y:7186>>>Path: cpmsftngxa06.phx.gbl
>>>Xref: cpmsftngxa06.phx.gbl>>>NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
>>>X-Tomcat-NG:>>>
>>>I have a W2K server, running IIS 6 and Active Directory
>>>Services. I have an ASP.Net application off the rootsub->the>>>directory named "Apps". Within the IIS Manager I have>>>Authentication method set to "Anonymous Access" as well
>>>as "Authenticated Access" using "Integrated Windows
>>>Authentication" for both the root web and the "Apps"this>file>>>directory. All files and directories under the "Apps"
>>>folder are set in this manner.
>>>
>>>The web config file is set to use "Windows" for
>>>Authentication and "*" for Authorization.
>>>
>>>Using Explorer I have changed the permissions for one>The>>>in the "Apps" directory. For this file, let's call
>>>it "myfile.aspx", I have removed the "Everyone" group.>>>permissions for this file are as follows:
>>>
>>>Creator Owner - Full Control
>>>System - Full Control
>>>mydomain\Administrators - Full Control
>>>mydomain\MyGroup - Read, Read/Execute
>>>
>>>If I attempt to access any file on this web via a web
>>>browser it works as it should with the exception ofwill>this>>>single file, "myfile.aspx". When attempting to access>>>file it will ask for a username/password/domain and->>>not accept anyone, including anyone from
>>>the "Administrators" or "MyGroup" groups.
>>>The error I get in the browser is:
>>>
>>>Server Error in '/Apps' Application.
>>>--------------------------------------------------------->-->supplied>>>---------------------
>>>
>>>Access is denied.
>>>Description: An error occurred while accessing the
>>>resources required to serve this request. You might not
>>>have permission to view the requested resources.
>>>
>>>Error message 401.3: You do not have permission to view
>>>this directory or page using the credentials you>>>(access denied due to ACLs). Ask the Web server's
>>>administrator to give you access
>>>to 'c:\inetpub\wwwroot\apps\myfile.aspx'.
>>>
>>>
>>>-------------------------------------------------------->-->before.>>>---------------------
>>>Version Information: Microsoft .NET Framework
>>>Version:1.1.4322.573; ASP.NET Version:1.1.4322.573
>>>
>>>This is the same basic configuration I use on other web
>>>servers for security and have not had this problem>systems>>>I have another server within this domain that is
>>>configured in the same manner that works although it is
>>>not an ASP.Net application. I have tried this from>.>>>>>logged into the domain and from systems not logged into
>>>the domain with the same results.
>>>
>>.
>>
>James Martin Guest
-
Jim Cheshire [MSFT] #8 RE: file permissions
Hi James,
Thanks very much for posting so much good information after resolving your
problem. That will help a lot of people! A couple of clarifications.
1. The "Impersonate a Client After Authentication" is only required if you
are impersonating on a Windows 2000 box.
2. Setting impersonation without explicitly declaring a username and
password with the settings you have configured right now will cause the
application to run under the IUSR account. This is because you are not
specifying a username in your <identity> element and you have anonymous
access enabled. If you want to use the identity of the specific user
browsing the site, you either need to disable anonymous in IIS, or you need
to deny unauthenticated users in your web.config with a <deny users="?" />.
Jim Cheshire [MSFT]
Developer Support
ASP.NET
[email]jamesche@online.microsoft.com[/email]
This post is provided as-is with no warranties and confers no rights.
--------------------<web8eg1kDHA.688@cpmsftngxa06.phx.gbl>>Content-Class: urn:content-classes:message
>From: "James Martin" <anonymous@discussions.microsoft.com>
>Sender: "James Martin" <anonymous@discussions.microsoft.com>
>References: <037001c39338$6513bd70$a101280a@phx.gbl>
<0a9601c39377$c94fd730$a101280a@phx.gbl>microsoft.public.dotnet.framework.aspnet.security: 7208>Subject: RE: file permissions
>Date: Thu, 16 Oct 2003 10:58:46 -0700
>Lines: 286
>Message-ID: <086301c3940f$24d895a0$a001280a@phx.gbl>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="iso-8859-1"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>Thread-Index: AcOUDyTYlIZvxbQ6RYKFOARDgaKPtA==
>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>Path: cpmsftngxa06.phx.gbl
>Xref: cpmsftngxa06.phx.gbl>NNTP-Posting-Host: TK2MSFTNGXA08 10.40.1.160
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
>
>Ok here is what I now know based on some pointers from
>ZRH. These are the steps I had to take to enable selective
>access to files using Windows as the authentication
>format. I chose this format because the management of
>users and files is already in place and it does not
>require yet another username and password combination to
>be remembered.
>
>Keep in mind my configuration included a W2K server, IIS
>5, and Active Directory services with the web server also
>acting as a Domain Controller. So, having said that, to
>control access to a file or directory with W2K and IIS5
>when accessed via a web browser you must do the following:
>
>In IIS Management Console set the "Authentication" method
>to whatever level you prefer. This can be done for the
>folder or virtual directory as well as individual files.
>In my case I wish to allow some files to be accessed by
>everyone so I have enabled both "Anonymous Access" for
>this purpose and under "Authenticated Access" I have
>enabled "Integrated Windows authentication". This allows
>further access control using NTFS file permissions. The
>most restrictive permissions will apply.
>Enabling "Anonymous Access" will not allow an
>unauthenticated user or user without proper credentials to
>access a resource for which he has not been given access
>rights through NTFS permissions. As a side note my
>installation used the IUSR_machinename as the Anonymous
>User account and the checkbox was enabled to allow IIS to
>manage the password. Close IIS Management Console.
>
>In Windows Explorer right-click on the file or folder that
>you wish to change permissions for. Add or remove groups
>and users as needed and change permissions for these
>groups and users. I have found that the following accounts
>must be added regardless of the other settings and have
>found documentation that seems to support this:
>
>Creator Owner - Full Control
>System - Full Control
>domainname\ASPNET - Read, Read/Execute
>domainname\IWAM_machinename - Read, Read/Execute
>
>and any other accounts you wish to have access this
>resource. Close Windows Explorer.
>
>Once this has been accomplished go to Start-->Program
>Files-->Administrative Tools and open the Domain
>Controller Security Policy. Once inside the Domain
>Controller Security Policy Console go to Windows Settings-->Assignments. In the right hand pane double-click>>Security Settings-->Local Policies-->User Rights
>on "Impersonate a client after authentication". Enable
>the "Define these policy settings" checkbox and
>click "Add". Click "Browse" then find and select the
>account IWAM_machinename and click OK-->OK-->OK. Close the
>Domain Controller Security Policy Console.
>
>At a command prompt issue the following command:
>
>secedit /refreshpolicy machine_policy /enforce
>
>then at the command prompt issue the following command:
>
>iisreset
>
>Close the command prompt window. Now we need to modify the
>web.config file for the ASP.NET application as follows:
>
><authentication mode="Windows" />
><authorization>
> <allow users="*" /> <!-- This allows all users to access
>even if they are outside the domain provided NTFS
>permissions allow it and IIS allows "Anonymous Access" -->
></authorization>
><identity impersonate="true"/> <!-- This allows ASP.NET to
>impersonate the user requesting a restricted resource
>after authentication has taken place. It requires that an
>account be specified for the impersonation on the macine
>hosting the ASP.NET application -->
>
>Save the file and check for proper operation of the web
>site pages you have modified the permissions for. If
>anyone notices inaccuracies in document please feel free
>to make corrections and thanks again to ZRH.
>
>Here are some external resources I used:
>
>[url]http://support.microsoft.com/default.aspx?scid=kb;EN-[/url]
>US;Q815171#4
>[url]http://4guysfromrolla.411asp.net/[/url]
>[url]http://www.jsiinc.com/SUBN/tip6900/rh6981.htm[/url]
>>->>-----Original Message-----
>>Okay in web.config I have :
>>
>><authentication mode="Windows" />
>><authorization>
>> <deny users="?" />
>></authorization>
>><identity impersonate="true" userName="" password=""/>
>>
>>
>>I added mydomain\ASPNET to the ACL.
>>
>>When I attempt to access the page I am NO LONGER prompted
>>for a username/password/domain and the web page returned
>>reports the following:
>>
>>Server Error in '/Apps' Application.
>>---------------------------------------------------------->where>>---------------------
>>
>>Access is denied.
>>Description: An unhandled exception occurred during the
>>execution of the current web request. Please review the
>>stack trace for more information about the error and>+71>>it originated in the code.
>>
>>Exception Details: System.ApplicationException: Access is
>>denied.
>>
>>Source Error:
>>
>>An unhandled exception was generated during the execution
>>of the current web request. Information regarding the
>>origin and location of the exception can be identified
>>using the exception stack trace below.
>>
>>Stack Trace:
>>
>>
>>[ApplicationException: Access is denied.
>>]
>>
>>System.Security.Principal.WindowsIdentity._Resol veIdentity
>>(IntPtr userToken) +0
>> System.Security.Principal.WindowsIdentity.get_Name ()>o>>
>>System.Web.Configuration.AuthorizationConfigRule .IsUserAll>o>>wed(IPrincipal user, String verb) +100
>>
>>System.Web.Configuration.AuthorizationConfig.IsU serAllowed
>>(IPrincipal user, String verb) +81
>> System.Web.Security.UrlAuthorizationModule.OnEnter
>>(Object source, EventArgs eventArgs) +178
>>
>>System.Web.SyncEventExecutionStep.System.Web.Htt pApplicati>web>>n+IExecutionStep.Execute() +60
>> System.Web.HttpApplication.ExecuteStep(IExecutionS tep
>>step, Boolean& completedSynchronously) +87
>>
>>
>>>>aspnet_wp.exe>>>-----Original Message-----
>>>James,
>>>
>>>In the scenario you describe, you will need to give the>>group. By default, this>>>process account access or make it a member of your>>unauthenticated users so that>>>would be the ASPNET account.
>>>
>>>You can also enable impersonation and deny>>site.>>>you get the identity of the user actually browsing the>>confers no rights.>>>
>>>Jim Cheshire [MSFT]
>>>Developer Support
>>>ASP.NET
>>>jamesche@online.microsoft.com
>>>
>>>This post is provided as-is with no warranties and>><anonymous@discussions.microsoft.com>>>>
>>>--------------------
>>>>Content-Class: urn:content-classes:message
>>>>From: "James Martin">><anonymous@discussions.microsoft.com>>>>>Sender: "James Martin">>microsoft.public.dotnet.framework.aspnet.securit y>>>>Subject: file permissions
>>>>Date: Wed, 15 Oct 2003 09:21:31 -0700
>>>>Lines: 58
>>>>Message-ID: <037001c39338$6513bd70$a101280a@phx.gbl>
>>>>MIME-Version: 1.0
>>>>Content-Type: text/plain;
>>>> charset="iso-8859-1"
>>>>Content-Transfer-Encoding: 7bit
>>>>X-Newsreader: Microsoft CDO for Windows 2000
>>>>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>>>>Thread-Index: AcOTOGUTgn87zP1oTlWgylW3LfDTgQ==
>>>>Newsgroups:>>microsoft.public.dotnet.framework.aspnet.securit y>>>>Path: cpmsftngxa06.phx.gbl
>>>>Xref: cpmsftngxa06.phx.gbl
>>>microsoft.public.dotnet.framework.aspnet.securi ty:7186
>>>>NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
>>>>X-Tomcat-NG:>>>>
>>>>I have a W2K server, running IIS 6 and Active Directory
>>>>Services. I have an ASP.Net application off the root>sub->>the>>>>directory named "Apps". Within the IIS Manager I have>>>>Authentication method set to "Anonymous Access" as well
>>>>as "Authenticated Access" using "Integrated Windows
>>>>Authentication" for both the root web and the "Apps">this>>file>>>>directory. All files and directories under the "Apps"
>>>>folder are set in this manner.
>>>>
>>>>The web config file is set to use "Windows" for
>>>>Authentication and "*" for Authorization.
>>>>
>>>>Using Explorer I have changed the permissions for one>>The>>>>in the "Apps" directory. For this file, let's call
>>>>it "myfile.aspx", I have removed the "Everyone" group.>>>>permissions for this file are as follows:
>>>>
>>>>Creator Owner - Full Control
>>>>System - Full Control
>>>>mydomain\Administrators - Full Control
>>>>mydomain\MyGroup - Read, Read/Execute
>>>>
>>>>If I attempt to access any file on this web via a web
>>>>browser it works as it should with the exception of>will>>this>>>>single file, "myfile.aspx". When attempting to access>>>>file it will ask for a username/password/domain and>->>>>not accept anyone, including anyone from
>>>>the "Administrators" or "MyGroup" groups.
>>>>The error I get in the browser is:
>>>>
>>>>Server Error in '/Apps' Application.
>>>>-------------------------------------------------------->->>-->>supplied>>>>---------------------
>>>>
>>>>Access is denied.
>>>>Description: An error occurred while accessing the
>>>>resources required to serve this request. You might not
>>>>have permission to view the requested resources.
>>>>
>>>>Error message 401.3: You do not have permission to view
>>>>this directory or page using the credentials you>>>>(access denied due to ACLs). Ask the Web server's
>>>>administrator to give you access
>>>>to 'c:\inetpub\wwwroot\apps\myfile.aspx'.
>>>>
>>>>
>>>>-------------------------------------------------------->>>-->>before.>>>>---------------------
>>>>Version Information: Microsoft .NET Framework
>>>>Version:1.1.4322.573; ASP.NET Version:1.1.4322.573
>>>>
>>>>This is the same basic configuration I use on other web
>>>>servers for security and have not had this problem>>systems>>>>I have another server within this domain that is
>>>>configured in the same manner that works although it is
>>>>not an ASP.Net application. I have tried this from>>.>>>>logged into the domain and from systems not logged into
>>>>the domain with the same results.
>>>>
>>>
>>>.
>>>
>>Jim Cheshire [MSFT] Guest
-
Gareth Bailey #9 File permissions
Hi there,
I need to set permissions on the /www/data-dist directory such that
when samba users create new files in it the ownership of the files
will automatically be set to www.
How might i do this. I've had a look at the chmod and sticky manpages
with no luck.
Thanks,
Gareth
Gareth Bailey Guest
-
Mike Hauber #10 Re: File permissions
On Wednesday 23 February 2005 03:46 am, Gareth Bailey wrote:
man smb.conf> Hi there,
>
> I need to set permissions on the /www/data-dist directory such
> that when samba users create new files in it the ownership of
> the files will automatically be set to www.
>
> How might i do this. I've had a look at the chmod and sticky
> manpages with no luck.
>
> Thanks,
> Gareth
I think you want to "force group = www"
for the shares you want owned by www.
hth,
Mike
Mike Hauber Guest
-
galeemma #11 File permissions
I want to set up contribute on an existing site and at the moment everyone has
access to it.
Can someone please confirm whether i need to restrict access to users and then
grant them through contribute?
Kind regards
emma
galeemma Guest
-
Joeyb #12 Re: File permissions
Sounds like the right move if you don't want them messing with the files using any other tools.
Joeyb Guest
-
macrunning #13 FILE PERMISSIONS
Looking for notes regarding how I can use chmod permission settings with
Dreamweaver 8. Is it possible with Dreamweaver? It should be. If you can, I
haven't been able to figure it out in 5 years so maybe you should make it a bit
easier. Maybe being able to right click on a file or folder in the files/assets
view pane allowing us to set file permissions would be a great idea and very
helpful for those of us using linux/unix servers and doing a lot of php dynamic
content. Any feedback on this would be great. Or if anyone knows of a 3rd party
extension that would help.
macrunning Guest
-
Murray *TMM* #14 Re: FILE PERMISSIONS
Suggest that to the team -
[url]http://www.macromedia.com/support/email/wishform/[/url]
--
Murray --- ICQ 71997575
Team Macromedia Volunteer for Dreamweaver MX
(If you *MUST* email me, don't LAUGH when you do so!)
==================
[url]news://forums.macromedia.com/macromedia.dreamweaver[/url]
THE BEST WAY TO GET ANSWERS
==================
[url]http://www.dreamweavermx-templates.com[/url] - Template Triage!
[url]http://www.projectseven.com/go[/url] - DW FAQs, Tutorials & Resources
[url]http://www.dwfaq.com[/url] - DW FAQs, Tutorials & Resources
[url]http://www.macromedia.com/support/search/[/url] - Macromedia (MM) Technotes
==================
"macrunning" <webforumsuser@macromedia.com> wrote in message
news:dllhb1$83j$1@forums.macromedia.com...> Looking for notes regarding how I can use chmod permission settings with
> Dreamweaver 8. Is it possible with Dreamweaver? It should be. If you can,
> I
> haven't been able to figure it out in 5 years so maybe you should make it
> a bit
> easier. Maybe being able to right click on a file or folder in the
> files/assets
> view pane allowing us to set file permissions would be a great idea and
> very
> helpful for those of us using linux/unix servers and doing a lot of php
> dynamic
> content. Any feedback on this would be great. Or if anyone knows of a 3rd
> party
> extension that would help.
>
Murray *TMM* Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
