IIS 7.5, ASP.NET, impersonation, and access to C:\Windows\Temp

Posted by Heinzi on Stack Overflow See other posts from Stack Overflow or by Heinzi
Published on 2010-06-07T13:08:47Z Indexed on 2010/06/07 13:12 UTC
Read the original article Hit count: 862

Summary: One of our web applications requires write access to C:\Windows\Temp. However, no matter how much I weaken the NTFS permission, procmon shows ACCESS DENIED.

Background (which might or might not be relevant for the problem): We are using OLEDB to access an MS Access database (which is located outside of C:\Windows\Temp). Unfortunately, this OLEDB driver requires write access to the user profile's TEMP directory (which happens to be C:\Windows\Temp when running under IIS 7.5), otherwise the dreaded "Unspecified Error" OleDbException is thrown. See KB 926939 for details. I followed the steps in the KB article, but it doesn't help.

Details:

This is the output of icacls C:\Windows\Temp. For debugging purposes I gave full permissions to Everyone.

C:\Windows\Temp NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                CREATOR OWNER:(OI)(CI)(IO)(F)
                BUILTIN\IIS_IUSRS:(OI)(CI)(S,RD)
                BUILTIN\Users:(CI)(S,WD,AD,X)
                BUILTIN\Administrators:(OI)(CI)(F)
                Everyone:(OI)(CI)(F)

However, this is the screenshot of procmon:

procmon screenshot

Desired Access: Generic Read/Write, Delete
Disposition:    Create
Options:        Synchronous IO Non-Alert, Non-Directory File, Random Access, Delete On Close, Open No Recall
Attributes:     NT
ShareMode:      None
AllocationSize: 0
Impersonating:  MYDOMAIN\myuser

© Stack Overflow or respective owner

Related posts about ASP.NET

Related posts about iis7