.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Wrong Account being used to access files - Help - No Impersonation

Posted By:      Posted Date: August 21, 2010    Points: 0   Category :ASP.Net

I run a simple .aspx website on a Windows Server 2008 machine.

There is NO impersonation, and System.Security.Principal.WindowsIdentity.GetCurrent().Name returns NT AUTHORITY\NETWORK SERVICE, which it the account which the application pool runs. In my web.config, I have <authentication mode="Forms">.


I tried to test the security of the application and server by removing file permissions to the .aspx files. I was greatly worried when the website continued to run without problem (it should not have been able to read the .aspx files).

By turning on file level auditing, I discovered that the .aspx files were being read by the machine$ account (if the machine is called Serv1, then the files would be read by the Serv1$ account, which seems to have access to all files on the local machine).


Is this a security breach or is this behaviour by design ?

Please can somebody assist, as I am worried.

View Complete Post

More Related Resource Links

Disallow Direct Access To Files



Here is my dilema, on my site i have a WordPress Audio player (http://wpaudioplayer.com/standalone) that plays my mp3's.

It loads the Mp3's in by javascript...example below:

       AudioPlayer.embed("audioplayer_7", { soundFile: "/Files/Music/[name of file].mp3" });

This file name is clearly visible in the browser source. Not a problem, however this means that any user can legitimately browse to the file directly and download it.

Now i still need the mp3 player (which is flash) to have access to the file but if a user was to try accessing the file directly, they would not be allowed access to it.

I am not sure how to go about this, i am circling the idea of a httphandler but not sure if this is sufficiant to stop the direct access to the file.

Any help would be appreciated

"Access is denied. Check that the Default Content Access Account has access to this content"


Our search is not working. The crawl log indicates following error: "Access is denied. Check that the Default Content Access Account has access to this content, or add a crawl rule to crawl this content. (The item was deleted because it was either not found or the crawler was denied access to it.)".


If I check the event viewer, it indicates following error: "Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. [CLIENT: <local machine>]"


My default content access account is another one than this NT AUTHORITY\NETWORK SERVICE account. The content access account password is correct. Apparently this content access account is translated to the NETWORK SERVICE account upon a crawl. And this network service account doesn't has the appropriate rights on database level. How can I fix this?


Error in Impersonation - different domain account.

Hi I am trying to stop a windows service in a server(on different domain) from my C#.NET windows application using ServiceController I am getting following error Inner Exception: {"Access is denied"} Exception Message: "Cannot open Service Control Manager on computer 'x.y.z.a'. This operation might require other privileges." Enviroment:       Windows application running on Windows 7, C#.NET, 3.5 on “ABC” DOMAIN       Target service running on Windows 2003 server. on “XYZ” DOMAIN       Port 445,135 opened between two systems Code:       ServiceController lo_WinSC = new ServiceController();       lo_WinSC.MachineName = "SYSTEMIPAddress";       lo_WinSC.ServiceName = "ServiceToBeStopped"; Some forum suggesting to impersonate account of target domain but failed to Impersonate. Error: “The security database on the server does not have a computer account for this workstation trust relationship”   Question 1: Is it possibile to impersonate account of different domain. i.e My application running on “XYZ” domain, I would like to impersonate an account “ABC” domain. Note: Port LDAP port 389 is opened between two systems. Is possb

Merge Replication: How to give read access on snapshot share to a sql account

Hello All, I want to give read access to an sql account(not windows account). Can it be given or not. Someone please tell. Thanks saandii777

Data from text files, What's wrong with my code?

Hi all, I have uploaded some tab-delimited .txt files on my web site (actually run on my computer, ie localhost, for now), and now I try to retrieve the data from those files. I do this by calling a vb file containg the sub below. Everything works great, except that the sub won't recognise unicode characters. I can split the resulting string using vbnewline and vbtab, but already in the sub in question, the string doesn't understand the Swedish letters åäö, apostrophes and more. Any help would be greatly appreciated! /Pettrer       Shared Function getTextfile(ByVal FullPath As String, Optional ByRef ErrInfo As String = "") As String Dim strContents As String = "" Dim objReader As StreamReader Try objReader =New StreamReader(FullPath) 'UTF8Encoding? strContents = objReader.ReadToEnd() objReader.Close() ErrInfo = Ex.MessageCatch Ex As Exception End Try Return strContents End Function  

WCF Service Unable to Access Personal Certificate Store Unless Service Account is Logged In

I created a WCF service that has a method which makes a call to a SOAP web service over the internet. In order to make a call to the SOAP web service, it requires that an X.509 certificate be sent with the HttpWebRequest. The X.509 certificates are loaded in the Personal and Trusted Certificate store of the account which the service is running under. When the service account is logged into the server, everything works just fine. However, when the service account is not physically logged onto the server, it has problems loading up the X.509 certificate and fails authentication when trying to make the HttpWebRequest. I am new to WCF services so I don't even know where to start looking. Can anyone please help? Thanks in advance.

SQL 2008 External access returns wrong address for Report Manager

Hello, I have problems with the external access for report server. My report server is running in a local server on port 80, which can be accessed through http://servername/reports I have set up external access to the report server through http://servername.domain.com:8081/reports , so I set up a redirection from public port 8081 to port 80 on the local server. When I write the address http://servername.domain.com:8081/reports in a browser, I get asked for user authentication(Windows domain user), which is accepted, but after that I get an error because the URL automatically changes to http://servername.domain.com/Reports/Pages/Folder.aspx (without the port 8081) If I write http://servername.domain.com:8081/Reports/Pages/Folder.aspx , it works. I can see the report manager home page and browse through my reports. But there are some links in the page that are built improperly, since they still point to the wrong URL (without port 8081). These are e.g. the Help link, the Report Builder link, the Details view link.  So I think there is something wrong with the response the report server sends, when I write ".../Reports" and returns ".../Reports/Pages/Folders.aspx" I haven't found any configuration file or property where this response is specified, neither where the report

User Profile Synchronization: Name of user account / id uses wrong Netbios domain name?!

I've got an interesting situation: I've got a domain e.g. FOOBAR.FI. The Netbios domain is due to historical reasons BARFOO. When I use UPS to import accounts from the FOOBAR.FI domain, the user account names in SharePoint are given the id of FOOBAR\<useraccount>. This works so and so. Users are identified and My Sites is fine. However the organizational chart and other fields where you can specify another user don't work as they should. If the manager is specified from AD, the organizational chart works. However, if I edit a profile and check the manager, it's in the form of FOOBAR\<useraccount>. SharePoint highlights this and a tooltip says that the account cannot be found. As a suggestion, it gives BARFOO\<useraccount>, which is found from the AD. All fine and dandy, until you check the organizational chart, which turns out to be empty at this point. This is because in SharePoint there's no user with the name BARFOO\<useraccount>, but only those FOOBAR\<useraccount> users who've been imported from the AD. So bottom line question is: How does UPS select and set the user account name?

Web Service Unable to access Directory (Temporary ASP.NET Files) CS0016

QuestionMoving web service to a production level server. This is not a new server, but is new to running an ASP.NET 2.0 web service. No other websites or services existed on this server.

Installed .Net 2 and specified that ASP is registered for 2.0 using aspnet_regiis. Installed missing components such as Front page extensions. When I try to browse to the services asmx page I get the error saying that the process has a compilation error and cannot access the asp.net temp directory under the 2.0 Framework. I looked at the directory and it appears that the asp.net process and others have correct access.

Note a basic asp.net page will come up as well as a basic html page.

All comments are welcome.

  • .Net 2
  • ASP.NET aspnet_regiis specifies .Net 2 as root
  • C#
  • IIS6
  • Windows Server 2003 SP1

Search Administration: Default content access account - 'Error'


In Search Administration; Default content access account show 'Error'.
To fix it, I have to always restart 'Office Search Service'.

But need to find permanent solution.

I went through various blogs and found below blog with sucess response.
I tried same on my server but did not help.

Can someone help?

Windows PGM socket access error with non-admin account




I'm trying to use PGM sockets to send data. I can listen and receive data fine from a PGM socket using a non-admin account, but when I try to create a socket to send data I get an exception at this step:

socket.Bind(new IPEndPoint(IPAddress.Any, 0));

The exception is:

An attempt was made to access a socket in a way forbidden by its access permissions

Note that if I run the same code under an admin account it works fine. Is there a way to create a sender PGM socket without running under an admin account?

Impersonation with domain account without joining the domain?


My feeling says it's not posible but anyway I am curious if there is at least a workaround for accomplish this.

Basically I am working at my client site and my machine is not connected to the domain.
What I want to do is running a web application locally under a domain account, and using the webdev server.
The webapp uses the default authentication, windows authentication that is.
I tried using impersonation with domain\user & password but I got the following error

Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.

I have to mention that the username and the password are correct.

Thanks in advance

Access to update application files stored in Program Files, restricted on a Windows 7 device when us


Hi all,


I'm here to solve a problem, and that is our application, which speaks to a central server on startup, checks for updates and if found, updates its local files (stored in Program Files) with those pushed from the central server.  Currently, we are getting access denied exception when this updater tries to add/edit files in this special directory.  What I am looking for is a way to accomplish this updating process without moving these application files to a different location.

Unable to access files on web server, going crazy!


I have a computer running visual web developer express 2008 that does not access most files on my web server. The file tree is there but when I try to open a file "unable to get file ----- from the web server" appears. I have uninstalled, cleaned, searched for answers but am not able to fix the issue. This happened 4 days ago. Other computers running same software can access the files. Linux RH-Ent web server (if it matters) Any help appreciated.

Microsoft Office Excel cannot access the file 'C:\inetpub\wwwroot\ProjectWebSite\Files\ROUTINE_MCA.


Hello everybody.

I am in a critical situation. I first tried to make a project (file->new->project) using visual studio, where I displayed the content of a excel file by GridView. I was successful then, but when I attach it to my website located in inetpub I am getting this error :

Microsoft Office Excel cannot access the file 'C:\inetpub\wwwroot\ProjectWebSite\Files\ROUTINE_MCA.xlsx'. There are several possible reasons:

. The file name or path does not exist.
. The file is being used by another program.
. The workbook you are trying to save has the same name as a currently open workbook.

At first I faced some COM related problem and found solution in Google, but this particular problem is not solving. Is there any way to access Excel document in asp.net website?

In my application there is a facility of uploading excel document to the server and then display its content. But I have failed to do this display operation, is there any turn around way, like store the excel document as dataset and then access it as required.

Please help. I am in great trouble. Thanks in advance.

Webservices access denied with service account "NetworkServices"


I have created an asp.net web application on  windows server 2008. I have created a website in IIS 7 with an application pool. The application pool has the identity "NETWORKSERVICE". I have a web reference in my application with a certificate.

When I create a new web application and add the code below and add the web reference, and run the web application from the solution (and not from a website in IIS), the web service works fine. I think the local administrator has permissions and the network service account not. Is this the problem? And is there solution?

public static PartsService MyCompanyPartsService
                if (_partsService != null)
                    return _partsService;

                _partsService = new PartsService();

Access to path denied aspnet account - windows 7


I have seen this error many times in past and what all I used to do was to add aspnet account to the directory and provide it with read and write access.  But this time I am trying to run an application in Windows 7(64 bits) - I had to manually enable the IIS from windows feature in Control Panel.

But I dont see any aspnet account in 'security' tab of any of the directories (in its properties). I even ran aspnet_regiis -i in v2.0.50727 and v4.030319 directories.   How do I get aspnet user account to show up in any folder? Any help would be greatly appreciated.


ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend