Hello, Leonid
ATL Server applications run in the context specified in IIS configuration.
By default, the ATL Server application will impersonate the anonymous web
user (IUSR_MACHINENAME).
There are a few ways of working around this.
1) disable the anonymous access to the virtual directory where the ATL
Server application is installed. This way, IIS will require the credentials
of the remote user before launching teh request handling ( the ATL Server
code). Then, you can invoke AtlImpersonateClient from the ATL Server code to
impersonate the remote client. Now, if the remote client (the user that
launched the request) has permissions to write on your C drive, everything
will work smoothly
2) impersonate some local machine user which has permission to write in the
C drive in the ATL Server application for the code sequence that performs
the writing:
{
SetThreadToken(NULL, hToken); // start impersonation for current thread
// Write to disk
SetThreadToken(NULL, NULL) ;// end impersonation for current thread
}
hToken can be obtained by invoking LogonUser, details are available in MSDN
for both LogonUser and SetThreadToken
3) if your web application will be accessed by users that do not have
permissions on your C drive, you can leave the configuration intact and
create a folder on the C drive where the anonymous user (IUSR_<MACHINENAME>)
has permission to write. Use Explorer's security dialog to allow this user
to write in that folder
4) in the IIS configuration dialog for the virtual directory of the ATL
Server application, change the account used for anonymous access from
IUSR_<MACHINENAME> to some local user that has permissions to write in the
C: drive (or the folder on the C drive where you plan to write)
5) Change you application to write into a file in the virtual directory
itself and give Write permissions to that virtuall directory
6) Change the application's logic to use a database instead of file writing
Hope this helps,
--
--
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send email directly to this alias. It is for newsgroup
purposes only.
thanks,
bogdan
Leonid said:
Hello,
I have VC++ .NET 2003 ATL Server project. In one of its method I need to
write some information in a local txt file. This txt file and this ATL
Server are on the same 'C: \' drive. When I tried it I just get
ERROR_ACCESS_DENIED error from GetLastError function. What do I need to
modify to let this ATL Server to write on local hard drive? Is it file's
access permission or ATL Server security settings?
