How do you create folders and specify access permi

Posted 2019-06-06 13:49

Question:

I have a Windows Forms application which serves as a sort of administrative module for an ASP.NET web application. The web application serves multiple countries, and folders are created when new countries are added to the application data.

Unfortunately on the newly added countries I run into an exception with the web application when I go and try to write files in the folders:

System.UnauthorizedAccessException: Access to the path 'C:\...' is denied.

With the web application using ASP.NET impersonation, it's obvious that the default IIS user (MACHINENAME\IUSR_MACHINENAME) has no permissions to write into the folder.

How do I grant permission to the default IIS user upon folder creation?

I understand that

System.IO.Directory.CreateDirectory(string path, DirectorySecurity directorySecurity)

should do this, but I don't understand how to specify the log on name on the DirectorySecurity object.

Answer 1:

Grant permission to create directories and files (read/write/modify/...) to the worker process group (sysname\iis_wpg) on the parent directory of where you want to create the new directories. Make sure that you've set the permissions to apply to this folder, subfolders, and files; then the permissions will be inherited for new folders you create and you won't need to apply them specifically. Rather than doing this for all of App_Data, I'd suggest creating a specific subdirectory and only granting permissions on that subdirectory. If you have multiple apps running on the box you might want to create a new user for the app to run as, change the id of the worker process group, and grant only permission to that specific user.



Answer 2:

This is the solution I used eventually:

        using System.IO;
        using System.Security.AccessControl;

        // path and logonName are supplied by the caller.
        if (!Directory.Exists(path))
        {
            Directory.CreateDirectory(path);
            DirectoryInfo info = new DirectoryInfo(path);
            DirectorySecurity security = info.GetAccessControl();

            // Full control for logonName, inherited by subfolders (ContainerInherit)...
            security.AddAccessRule(new FileSystemAccessRule(logonName, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow));
            // ...and by files (ObjectInherit).
            security.AddAccessRule(new FileSystemAccessRule(logonName, FileSystemRights.FullControl, InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));

            // Write the modified ACL back to the directory.
            info.SetAccessControl(security);
        }
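
An added example, not part of the original thread: the `Directory.CreateDirectory(string, DirectorySecurity)` overload from the question, with the logon name resolved through `NTAccount` and a single rule that covers both subfolders and files. It assumes .NET Framework on Windows; the `CountryFolders` class, the `CreateWithAccess` helper, the temp path and the choice of `Modify` rights are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class CountryFolders
{
    // Hypothetical helper: creates 'path' with the rule already in place.
    public static DirectoryInfo CreateWithAccess(string path, string logonName)
    {
        // Resolve the logon name first. Translate throws
        // IdentityNotMappedException if the account does not exist,
        // so a mistyped name fails before the folder is created.
        var sid = (SecurityIdentifier)new NTAccount(logonName)
            .Translate(typeof(SecurityIdentifier));

        var security = new DirectorySecurity();
        security.AddAccessRule(new FileSystemAccessRule(
            sid,
            FileSystemRights.Modify,   // assumption: write access without FullControl
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None,
            AccessControlType.Allow));

        // The .NET Framework overload named in the question.
        return Directory.CreateDirectory(path, security);
    }

    static void Main()
    {
        // Constructed sample input: a temp folder and the current user,
        // standing in for the country folder and the IIS account.
        string path = Path.Combine(Path.GetTempPath(),
            "country-" + Guid.NewGuid().ToString("N"));
        string logonName = WindowsIdentity.GetCurrent().Name;

        DirectoryInfo info = CreateWithAccess(path, logonName);

        // Read the ACL back to see what was applied, explicit and inherited.
        foreach (FileSystemAccessRule rule in info.GetAccessControl()
                     .GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            Console.WriteLine("{0} {1} {2} inherited={3}",
                rule.IdentityReference, rule.AccessControlType,
                rule.FileSystemRights, rule.IsInherited);
        }
    }
}
```

The read-back loop prints SIDs rather than account names so that it does not fail on entries whose SID cannot be mapped to a name.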