IIS 7.5, ASP.NET, impersonation, and access to C:\Windows\Temp
Posted
by Heinzi
on Stack Overflow
See other posts from Stack Overflow
or by Heinzi
Published on 2010-06-07T13:08:47Z
Indexed on
2010/06/07
13:12 UTC
Read the original article
Hit count: 862
Summary: One of our web applications requires write access to C:\Windows\Temp
. However, no matter how much I weaken the NTFS permission, procmon shows ACCESS DENIED
.
Background (which might or might not be relevant for the problem): We are using OLEDB to access an MS Access database (which is located outside of C:\Windows\Temp). Unfortunately, this OLEDB driver requires write access to the user profile's TEMP directory (which happens to be C:\Windows\Temp when running under IIS 7.5), otherwise the dreaded "Unspecified Error" OleDbException is thrown. See KB 926939 for details. I followed the steps in the KB article, but it doesn't help.
Details:
This is the output of icacls C:\Windows\Temp
. For debugging purposes I gave full permissions to Everyone
.
C:\Windows\Temp NT AUTHORITY\SYSTEM:(OI)(CI)(F)
CREATOR OWNER:(OI)(CI)(IO)(F)
BUILTIN\IIS_IUSRS:(OI)(CI)(S,RD)
BUILTIN\Users:(CI)(S,WD,AD,X)
BUILTIN\Administrators:(OI)(CI)(F)
Everyone:(OI)(CI)(F)
However, this is the screenshot of procmon:
Desired Access: Generic Read/Write, Delete
Disposition: Create
Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Delete On Close, Open No Recall
Attributes: NT
ShareMode: None
AllocationSize: 0
Impersonating: MYDOMAIN\myuser
© Stack Overflow or respective owner