0

Below is the classic asp code that raises "Permission Denied" error on trying to create a folder in a 2012 windows server from application published in another 2012 windows server. The windows server has IIS 8.5 and the application pool is integrated 4.0 with identity as ApplicationPoolIdentity.

Dim oFS, oF
Set oFS = Server.CreateObject("Scripting.FileSystemObject")
If Not oFS.FolderExists(basefolder) Then
    Set oF = oFS.CreateFolder(basefolder)
    Set oF = Nothing
End If
Set oFS = Nothing

Here basefolder is the path in which the new folder is to be created. Any suggestions to make it work would be appreciated.

Nagaraj Raveendran
  • 1,150
  • 15
  • 23

1 Answers1

1

Something to try:

Create a domain account that has permissions on the server where you want to create the folder. Also give it permissions to the website root folder on the server that is running the website.

Then change the website's application pool to run as that account (Application Pool -> Advanced Settings -> Process Model -> Identity).

Kevin Collins
  • 1,453
  • 1
  • 10
  • 16
  • Raised a IT request to create a new domain account. Will keep you posted if that worked! – Nagaraj Raveendran Apr 11 '17 at 16:47
  • I gave access to the root folder in which the web application is published and access to the root folders and sub folders in which I am creating a file and running the application pool with the domain account. still no success – Nagaraj Raveendran Apr 12 '17 at 22:16
  • Something else to try: in IIS manager -> website settings -> Authentication -> right-click Anonymous Authentication -> Edit... -> set Specific user to the domain account you created. – Kevin Collins Apr 13 '17 at 12:36
  • Also check the value of your baseFolder variable. The createFolder method won't create multiple folders in a path. For that you'd have to use something like this: http://stackoverflow.com/a/4407468/989516 – Kevin Collins Apr 13 '17 at 12:40
  • The createFolder method is creating only one folder at a time. Still not able to figure out the issue. – Nagaraj Raveendran Apr 17 '17 at 15:27
  • 1
    Is baseFolder a unc path? – Kevin Collins Apr 17 '17 at 17:52
  • Try loggin on to the IIS machine using the domain account you created that IIS is running as, and then try to access the other machine using whatever path is in baseFolder. – Kevin Collins Apr 17 '17 at 17:54
  • baseFolder is a UNC path. – Nagaraj Raveendran Apr 17 '17 at 18:32
  • I am able to access the UNC shared path by RDP into the IIS machine using the domain server account – Nagaraj Raveendran Apr 17 '17 at 18:38
  • Just to be sure, you can you create a folder at the desired location when logged in to the web server with that account? – Kevin Collins Apr 17 '17 at 22:11
  • "Here basefolder is the path in which the new folder is to be created." Just to be sure, does basefolder include the existing parent folder and end with the name of the new folder to be created? – Kevin Collins Apr 18 '17 at 12:26
  • @NagarajRaveendran wanted to check whether you tried this: In IIS manager -> website settings -> Authentication -> right-click Anonymous Authentication -> Edit... -> set Specific user to the domain account you created. – Kevin Collins Apr 21 '17 at 00:06
  • Yes, when I log into desired location with domain account it does allow me to create a folder. No, the parent and to be created folders have different names. – Nagaraj Raveendran Apr 24 '17 at 14:56
  • I have noticed that might help answer the question. If I open the server where the application is published with the domain account I could not open the server in IIS. Is that have to do something with the issue? – Nagaraj Raveendran Apr 24 '17 at 20:29
  • @NagarajRaveendran that is interesting. Could you try this: In IIS manager -> website settings -> Authentication -> right-click Anonymous Authentication -> Edit... -> set Specific user to the domain account you created. – Kevin Collins Apr 24 '17 at 20:32
  • This is an intranet application and we use windows authentication which the applications uses to get NT user information. I am not sure if we can have anonymous authentication enabled. – Nagaraj Raveendran Apr 24 '17 at 21:03
  • Do the user accounts authenticating to the web server have access to the target folder? – Kevin Collins Apr 24 '17 at 22:30
  • @NagarajRaveendran if the user accounts don't have access to the target folder, something else to try: In IIS manager, open Configuration Editor. Under Section, select “system.webServer/serverRuntime”. Select UseWorkerProcessUser. (The default value is UseAuthenticatedUser). – Kevin Collins Apr 25 '17 at 14:44