I'm trying to get my MVC app to write a simple text file to another server using System.IO.File.WriteAllText. (A separate process is looking in that folder for text files to grab.) It works fine when debugging on my local machine, but when deployed to IIS on a test server, I always get this error when trying to write the file:
Access to the path '\\server\C$\folder\subfolder\file.txt' is denied.
The answer to at least half a dozen similar questions here on SO was to give the application pool identity account access to that folder. However, the app pool on IIS was already running under a service account that had full permissions to the desired folder but was still getting the error. I even tried changing the app pool to my own account (the one used successfully in debugging) and still get the error.
Anonymous access is turned off, and Windows Authentication is turned on (part of the file.txt is info from the user's AD account). I have tried accessing the app with several AD accounts, both with and without access to \\server\C$\folder\subfolder\ but they all give the same error.
I don't see how the app can be running under an authorized account, and the user can be logged in to the app with an authorized account, but still get the access denied error. Is there any way to get more info about specifically what access is denied or which account is actually being denied? Anything else I'm missing here??
You need to check whether other processes already have the file open, e.g, "A separate process is looking in that folder for text files to grab" - perhaps this separate process already has the file open and is therefore locking out your IIS process? Use Process Monitor (https://docs.microsoft.com/en-us/sysinternals/downloads/procmon) to monitor activity on the file.
Also you give the file location as '\server\C$\folder\subfolder\file.txt'. UNC paths normally begin with a '\\', e.g., '\\server\C$\folder\subfolder\file.txt'. That may just be an artefact of StackOverflow escaping the double slash to a single slash.
As a simple test, can you use notepad with your own account to open the file in the error message and write to the file? What if you use the application pool identity account?
Edit: You run Process Monitor on the server that has the file location. Add a Path filter like this:
Path excludes file.txt then Exclude
Where file.txt is the file name (without the directory) of the file you are monitoring. This filter will only capture events for that file and will exclude everything else. Once an event occurs, right click it, and go to Properties, Process to see the User initiating the event.
First of all, you can try to give write rights to IUSR user on your folder in which you want to write your text file.
There is a way to imitate an user in your asp.net application by using Impersonate tag in your web.config file but I think this can be dangerous.
<identity impersonate="true" userName="nomducompte" password="motdepasse" />
I hope this helps.
来源:https://stackoverflow.com/questions/47717820/access-to-path-denied-on-iis