File Permissions and Impersonation

Hi,

We have a number of websites running on an IIS6 server all running under
their own seperate Anonymous Web account and ASP.Net is configured to
Impersonate this account for each site for file system security reasons.
The problem comes however when one client needs to write files to their
folders and we receive the following error:

Server Error in '/' Application.
--------------------------------------------------------------------------------

Could not find a part of the path "c:\".
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.

Exception Details: System.IO.DirectoryNotFoundException: Could not find a
part of the path "c:\".

I can get around this error by adding read permissions for all folders
from the drive root to the website directory ie. c:\ and c:\websites and
c:\website1 but this means that the client is now able to read the
complete file structure to their website which and other sites! Does
anyone know of a way of resolving this security issue?

Thanks - Steven

Hi!

I'm sure you have your reasons for impersonating some other anonymous user
than the default one...
Can you configure the page that has to read something from C: to run under
the privileges of a more privileged user?
Check out the information here about configuring single pages:
http://msdn.microsoft.com/library/en...asp?frame=true
Here for impersonation:
http://msdn.microsoft.com/library/en...asp?frame=true
And here on how to put the password in secure storage:
http://support.microsoft.com/default...b;en-us;329290

HTH,
Lars-Erik

"Steve Winter" <st************@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...

Hi,

We have a number of websites running on an IIS6 server all running under
their own seperate Anonymous Web account and ASP.Net is configured to
Impersonate this account for each site for file system security reasons.
The problem comes however when one client needs to write files to their
folders and we receive the following error:

Server Error in '/' Application.
--------------------------------------------------------------------------------

Could not find a part of the path "c:\".
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.

Exception Details: System.IO.DirectoryNotFoundException: Could not find a
part of the path "c:\".

I can get around this error by adding read permissions for all folders
from the drive root to the website directory ie. c:\ and c:\websites and
c:\website1 but this means that the client is now able to read the
complete file structure to their website which and other sites! Does
anyone know of a way of resolving this security issue?

Thanks - Steven

Basically all I want to do is to make sure that the one website can write
to it's own folders but for some strange reason I'm getting ACCESS DENIED
errors (using FileMon to debug) for all directories from the drive root to
the website itself. I would have though that just providing Write access
to the relevant folder in the website should be enough without having to
give read access as well to all folders up from the website to the drive
root ?!

"Lars-Erik Aabech" <la******@newsgroup.nospam> wrote in message
news:O2**************@TK2MSFTNGP10.phx.gbl...

Hi!

I'm sure you have your reasons for impersonating some other anonymous
user than the default one...
Can you configure the page that has to read something from C: to run
under the privileges of a more privileged user?
Check out the information here about configuring single pages:
http://msdn.microsoft.com/library/en...asp?frame=true
Here for impersonation:
http://msdn.microsoft.com/library/en...asp?frame=true
And here on how to put the password in secure storage:
http://support.microsoft.com/default...b;en-us;329290

HTH,
Lars-Erik

"Steve Winter" <st************@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...

Hi,

We have a number of websites running on an IIS6 server all running under
their own seperate Anonymous Web account and ASP.Net is configured to
Impersonate this account for each site for file system security reasons.
The problem comes however when one client needs to write files to their
folders and we receive the following error:

Server Error in '/' Application.
--------------------------------------------------------------------------------

Could not find a part of the path "c:\".
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.

Exception Details: System.IO.DirectoryNotFoundException: Could not find
a part of the path "c:\".

I can get around this error by adding read permissions for all folders
from the drive root to the website directory ie. c:\ and c:\websites and
c:\website1 but this means that the client is now able to read the
complete file structure to their website which and other sites! Does
anyone know of a way of resolving this security issue?

Thanks - Steven