Permissions on new Text File - IIS6 and Windows authentication.

  • Thread starter Thread starter Merk
  • Start date Start date
M

Merk

The answer to this ASP.NET question might be informed by insight from the
IIS community - thus posted to both groups.

I have an ASP.NET 2.0 app that runs on a private corporate Intranet on a
Windows Server 2003 R@ server, running IIS6. The Web site site is set up to
use Windows authentication.

This application writes short entries to a text file for logging purposes.
The log file writing logic checks the size of the log file. When the log
file gets too big, it renames the current log file for purposes of archiving
it, and then creates a new log file.

The problem I am finding is that the new log file cannot be written to by
the ASP.NET Web app. File permissions are not adequate. To resolve I have
been manually adding the permissions to the file for the ASPNET account and
for the NETWORKSERVICE account.

I would think that ASP.NET created the file - so it should be able to write
to it.

Question: What can I do to have the permissions - required by ASP.NET -
automatically granted on the text log file that is created by ASP.Net?

An interesting and relevant observation is that the user who was using the
ASP.NET Web application does in fact have permissions to the file. To be
clear, when the application was choking on the file due to insufficient
permissions, the file permissions showed the user [who was using the
application when the new file was created] to have permissions on the file -
with permissions viewed through the file properties dialog, security tab, in
Windows Explorer.

The reason I am confident that the user to whom permissions were directly
and automatically assigned was the user who was using the app when the new
log file was created - is because the log entries in the file include the
current user ID... and the only entries in the new log file were for the
same user ID to which NTFS permissions were automatically assigned.
 
Hi Mark,

It seems that you have done most of the things correct. However, ASP.NET
Application hosted on IIS runs under a specific identity. In your case the
identity is "Network Service".

Please do the following steps:

1. Make sure the directory (under which log file is being written) has the
properties inherited by its sub-folders.
2. Make sure the directory (as defined in Step 1) has proper rights given to
"NETWORK SERVICE".

Please let me know if it helps.

regards,
Joy
 
Back
Top