Access to the path ' ' is denied, when i copy a text file to another folder on server

Question

I try to copy a file from server and i put to local space "I" at work, if i try that on localhost work, but when i try on server get me error from title:

My.Computer.FileSystem.CopyFile(
        Server.MapPath("../../TempDownloads/Template_BOM.xlsx"),
        "\\art-fs02\07_ART_ECO\12_Samples\03_Samples_order\999_MoraruVladutBOM_Test\SO-300.xlsx")

My error:

Access to the path '\\art-fs02\07_ART_ECO\12_Samples\03_Samples_order\999_MoraruVladutBOM_Test' is denied. 
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.UnauthorizedAccessException: Access to the path '\\art-fs02\07_ART_ECO\12_Samples\03_Samples_order\999_MoraruVladutBOM_Test' is denied. 

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.UnauthorizedAccessException: Access to the path '\\art-fs02\07_ART_ECO\12_Samples\03_Samples_order\999_MoraruVladutBOM_Test' is denied. 

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and the configured application pool identity on IIS 7.5) that is used if the application is not impersonating. If the application is impersonating via `<identity impersonate="true"/>`, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user. 

Answer 1

Try this might solve your problem

System.IO.Directory.CreateDirectory(DirectoryPath);
System.Security.AccessControl.DirectorySecurity sec = Directory.GetAccessControl(DirectoryPath);
// Using this instead of the "Everyone" string means we work on non-English systems.
var everyone = new System.Security.Principal.SecurityIdentifier(System.Security.Principal.WellKnownSidType.WorldSid, null);
sec.AddAccessRule(new System.Security.AccessControl.FileSystemAccessRule(everyone, System.Security.AccessControl.FileSystemRights.Modify | System.Security.AccessControl.FileSystemRights.Synchronize, System.Security.AccessControl.InheritanceFlags.ContainerInherit | System.Security.AccessControl.InheritanceFlags.ObjectInherit, System.Security.AccessControl.PropagationFlags.None, System.Security.AccessControl.AccessControlType.Allow));
Directory.SetAccessControl(DirectoryPath, sec);

Answer 2

Your web application will try to access the network path with the ASPNET user, so you have one of three solution will work and 4th never tried but might work (i think):

• impersonate: using any user that have permissions... from what i understood that's not an option because of multi users.

• do you want every user to use his own credentials, do you have the windows username and password for every user accessing this page ? if yes the second solution will be to access the network path using these credentials:

take a look on this

• 3rd solution is by giving permissions for {MACHINE}\ASPNET user to access this path.

• Mapping that network path as a drive in your windows (totally guessing but worth trying) :)

Good luck

Answer 3

For security reasons you should allow file operations to authorized users only. To do so:
1. Place the page with file operation to a separate folder (inside site root), for example "securefolder".
2. Add location section to web.config (inside configuration section)

  <location path="securefolder">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
      <identity impersonate="true" />
    </system.web>
    <system.webServer>
      <validation validateIntegratedModeConfiguration="false" />
    </system.webServer>
  </location>

3. in IIS console go to Authentication and enable "Basic" and "Anonymous" authentication only. Anonymous users can see the whole site except securefolder. When you enter securefolder you will be asked for UN/PWD. It works fine on my system.

Answer 4

You may need to grant IIS_USERS access to the destination file(s) or folder: In explorer, right-click the destination file or folder, select "Properties -> Security tab -> Button Edit -> Button Add -> Advanced -> Find Now.

Scroll down and select IIS_IUSRS. This should grant IIS_USERS access to the destination file.

Answer 5

Error is:

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via , the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

The solution in my case was to add the following to the web.config:

<system.web>
 <identity impersonate="true" userName="administrator" password="xxxxxxx" />      
</system.web

Answer 6

What Identity is your application pool using (by default it's ApplicationPoolIdentity, a local account)? That user would usually need access granted to whatever network resource you are trying to access, so the easiest way is to have a domain account set up as the application pool user and then grant that domain user access to the network share.

Answer 7

It seems you do not have required permissions or file share cannot be accessed. First you should try access to shared folder to see if the folder exists on share. Just paste folder path to a new windows explorer address bar.

Then you need to grant write or other appropriate permissions to that folder/share. To do this you need to add application pool user to both folder security and share security tabs.