||From an ASP.NET Web page you can create, open, modify, and delete files from the Web server's file system. When an ASP.NET Web page attempts to access the Web server's file system, the Web server first authenticates the request. That is, it first determines who is making the request in order to determine if that user has the proper permissions. The ASP.NET engine can identify itself in one of two ways:|
1. As a user account named
ASPNET (the default), or
2. As some other existing, specified user account
Which method the ASP.NET engine uses depends on the
<identity> setting in the
Web.config files. By default, this setting is specified as:
<identity impersonate="false" />
With this default setting, the ASP.NET engine will identify itself using the user account
<identity> setting can specify that impersonation should be used by setting the
impersonate attribute to true. With
impersonate set to true, optional
password attributes can also be specified, to identify the user account that the ASP.NET engine should use when accessing the file system. (If these attributes are omitted, the default IIS anonymous user account,
IUSR_machinename, is used.) An example of the
<identity> setting using impersonation can be seen below:
<identity impersonate="true" userName="Scott" password="myPassword"/>
With such an
<identity> setting the ASP.NET Web application would access the file system using as the user Scott.
Realize that regardless of whether impersonation is used or not, when accessing the Web server's file system from an ASP.NET Web page, it is accessed as some user account, be it the default
ASPNET account or some other specified user account. In either case, the user account being used might not have adequate permissions to access the file system in the desired manner.
For example, imagine that in an ASP.NET Web page we use the
File.Delete() method to delete the file
C:\MyFiles\SomeFile.xml. If the user account specified, say
ASPNET for this example, does not have Modify permissions for the file, then this file cannot be deleted and an error message will be displayed in the browser. Specifically, the error message is: "Access to path file path is denied."
If you are experiencing these error messages you need to assign the proper permissions to the proper directory and/or files. To accomplish this, you will need to be able to log onto the Web server. Via My Computer, locate the directory or files whose permissions you need to edit. Right-click on these directories or files and choose Properties; next, select the Security tab and add the proper user account (
ASPNET if you are not using impersonation) and grant the account the needed permissions. Once you do this and click OK to close the Properties dialog box, all should work as expected.