Uploading image is not working on server

Question

While uploading the file from local machine on to the server, it is showing me the

"Server Error in '/' Application.
Access to the path 'G://images\blog-image2.jpg' is denied."

Can someone help me out in this....Please. my c# code is this:

protected void btnSubmit_Click(object sender, EventArgs e)
{
    //Get Filename from fileupload control
    string filename = Path.GetFileName(fileuploadimages.PostedFile.FileName);
    //Save images into Images folder
    fileuploadimages.SaveAs(Server.MapPath("~/images/" + filename));

    //Getting dbconnection from web.config connectionstring
    SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["dbconnection"].ToString());
    //Open the database connection
    con.Open();
    //Query to insert images path and name into database
    SqlCommand cmd = new SqlCommand("Insert into tblimgs(ImageName,ImagePath) values(@ImageName,@ImagePath)", con);
    //Passing parameters to query
    cmd.Parameters.AddWithValue("@ImageName", filename);
    cmd.Parameters.AddWithValue("@ImagePath", "~/images/" + filename);
    cmd.ExecuteNonQuery();
    //Close dbconnection
    con.Close();
    Response.Redirect("default.aspx");
}

what is wrong in this?

Answer 1

You need to check which user your application runs under, it may be that the user account will not have permissions to write to any sub-folders for security reasons. Give that user write permissions to the images folder and make sure that is the only folder that you do give it write permissions to so that the security risk is minimised.

You could also refactor you code to:

fileuploadimages.SaveAs(Path.Combine(Server.MapPath("~/images"),filename)));

since MapPath() doesn't append a trailing backslash to the mapped path because it has no way of knowing if the path is a directory or a file (it doesn't check if the given path actually exists).

EDIT: To grant the correct permissions to that folder, first you need to find out from the application pool for the website what is the identity it is running under (by default this is Application Pool Identity). Look for the IIS APPPOOL\DefaultAppPool user. See this article on the official IIS site for more details.

If that won't work for you then check to see if your asp.net account {MACHINE}\ASPNET has write access to that images location. Consider granting access rights to the resource to the ASP.NET request identity. To do this, right click on downloading folder Properties > Security Tab > Edit > Add > locations > choose your local machine > click OK > Type ASPNET below "Enter the object name to select" > Click Check Names Check the boxes for the desired access (Full Control). If that does not work for you then consider doing the same with Network Service.

Now this should show your local {MACHINENAME}\ASPNET account, then you set the write permission to this account.

Otherwise if the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

Answer 2

You'll want to make sure the account you're using has access to that file path.

Also it would probably help to give access to that folder for the IIS user account (IUSR I believe).