Give authentication to application to write to file on server

Question

0.00/5 (No votes)

See more:

Hi All

I have a web app that is supposed to create and save a file in a folder on the server. I found that it wouldn't work until I opened security credentials to "Everyone" on that folder. Is there supposed to be a built-in user account that Windows has especially for web apps like that, and is there a way to get the app to run the script using credentials that are allowed to write to folder?

Posted 3-Nov-11 6:59am

Taysseer Kadri

Add a Solution

3 solutions

Solution 3

Hi,
Use this method

private bool impersonateValidUser (String userName, String domain, String password)
{
	TempWindowsIdentity WindowsIdentity;
	IntPtr token = IntPtr.Zero;
	IntPtr = IntPtr.Zero tokenDuplicate;
 
	if (RevertToSelf ())
	{
		if (LogonUser (userName, domain, password, LOGON32_LOGON_INTERACTIVE, 
			LOGON32_PROVIDER_DEFAULT, ref token)! = 0)
		{
			if (DuplicateToken (token, 2, ref tokenDuplicate)! = 0) 
			{
				tempWindowsIdentity = new WindowsIdentity (tokenDuplicate);
				impersonationContext tempWindowsIdentity.Impersonate = ();
				if (impersonationContext! = null)
				{
					CloseHandle (token);
					CloseHandle (tokenDuplicate);
					return true;
				}
			}
		} 
	}
	if (token! = IntPtr.Zero)
		CloseHandle (token);
	if (tokenDuplicate! = IntPtr.Zero)
		CloseHandle (tokenDuplicate);
	return false;
}
 
private void undoImpersonation ()
{
	impersonationContext.Undo ();
}

if u have any problems using it let me know

Posted 3-Nov-11 19:18pm

sabbi26

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Not Active · Accepted Answer · 2011-11-03T16:56:00

Solution 1

The IIS_USR account is what you looking for. http://learn.iis.net/page.aspx/140/understanding-built-in-user-and-group-accounts-in-iis/[^]

*Edit* In addition to this, if you need finer grained permissions on IIS 7, then you can use the app pool identity for the app pool your web application runs as. The account you need to give folder access to will be "IIS AppPool\<yourapppoolname>". See Application Pool Identities[^]

Posted 3-Nov-11 16:56pm

Not Active

Updated 4-Nov-11 5:14am

v4

Comments

BobJanova 4-Nov-11 12:30pm

Isn't the user you need to give permissions to the ASP.net account, not the IIS one?

Mark Salsbery 4-Nov-11 14:40pm

Possibly either, but on IIS 7+ I personally use the app pool identity on my client's sites (and had to - file access from server will fail if I don't give permissions) and have never used any "ASP.net" account so I don't know.

Mark Salsbery 4-Nov-11 14:44pm

Additionally, I know nothing about the ASP.net account, but is it for all ASP.NET apps? I'd prefer finer grained permissions than that when multiple apps are on same server, but that's just me.

Taysseer Kadri 6-Nov-11 15:06pm

thank youuuu this was what i ended up getting done. Thanks for the guidance :D

koolprasad2003 · Accepted Answer · 2011-11-03T19:11:00

Solution 2

Do not add "Everyone" to folder security.
Instead add "Network services" and "ASP NET account" to security. and give "Modify" access permission.

Posted 3-Nov-11 19:11pm

koolprasad2003

Comments

Menon Santosh 4-Nov-11 1:16am

nice advice +5 from me ;)

koolprasad2003 4-Nov-11 1:37am

Thanks UP

Taysseer Kadri 6-Nov-11 15:08pm

by trial and error i found that this is what works when i change the identity of the corresponding app pool to networkservice identity. and then that's what led me to figure out how to add security by ApplicationPoolIdentity identity.