File Security Using Forms based authentication

[SpiderBear6]

How does one set up or specify or give a web site set up using forms based authentication permissions to delete a directory on the web server? Which windows user is running if forms based authentication is being used and only Anonymous security is set in IIS?

--------------------------------------
"We are star-stuff. We are the universe made manifest trying to figure itself out."
-- Delenn in Babylon 5 - "A Distant Star"

 

[crazyboybert]

Hi Spider

As I said in your other thread on this the application runs under the MACHINENAME\ASPNET account by default.

This is NOT related to Forms Based Authentication or anonymous/windows access in IIS which sets permissions for users to view pages within your application.

It is the application which requires permissions to delete files on the server not the user.

If you have given the ASPNET account delete permissions on the required folder/files using the security tab of the properties dialog, then perhaps the directory/file you are trying to delete is read-only or is locked in use by another process? For example if you open a file with a Streamreader then try to delete it without closing the Streamreader it will be locked by IIS.

You could test this by giving the "everyone" account full control and then trying.

Another alternative would be to use the identity tag in your web.config to tell your application to impersonate another user which you have given the appropriate permissions to on the folder/file on your server.

If your still stuck try posting your web.config and the security permissions you have set in the windows file system on your server.

Rob


Go placidly amidst the noise and haste, and remember what peace there may be in silence - Erhmann 1927

 

[SpiderBear6]

Hi Rob... I thought I would try rephrasing the problem.

I have given all users, ASPNET, everyone, IUSR, IWAM etc full control over the parent )and therefore sub directories) of the directory that I want to delete. The files in the directory are not readonly and I'm pretty sure they are not locked by another process as I can go in and delete them myself when the app should.

When I create another user and give them permissions to the parent directory and sub directories, then include them in the web.config as an impersonate, I get this error as soon as I try to get into the web site...

Access to the path "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\newtracker\3eefa284\acae0ab4\hash.web" is denied.

I was trying to find a way to turn on impersonate before I run the delete and then turn it off after the delete, but I can't figure out the code to do that.

SpiderBear.

--------------------------------------
"We are star-stuff. We are the universe made manifest trying to figure itself out."
-- Delenn in Babylon 5 - "A Distant Star"

 

[SpiderBear6]

Here's something interesting... It's actually using the NT AUTHORITY\NETWORK SERVICE user account.

--------------------------------------
"We are star-stuff. We are the universe made manifest trying to figure itself out."
-- Delenn in Babylon 5 - "A Distant Star"

 

[SpiderBear6]

I think I have it sussed... I figured out using WindowsImpersonationContext.

Thanks for all of your help.

--------------------------------------
"We are star-stuff. We are the universe made manifest trying to figure itself out."
-- Delenn in Babylon 5 - "A Distant Star"