Update the ACL of a file from an ASP.NET application

It’s not uncommon that ASP.NET applications have the need to use a personal .config file to write some runtime information. Since ASP.NET applications are not granted the permission to create or edit files on the server, the best place to store persistent data is a table in a database server (not an Access database). However, let’s assume that you just want to write to a file. How can you work around the lack of write permissions? The .NET documentation suggests that you change the named security information for the file. On an NTFS formatted disk, this can be easily done manually by displaying the Properties dialog of the file and selecting the Security tab. Next, you ensure that the ASPNET user is authorized to operate on the file with write permissions. So far so good.

What happens when you deploy the application? In most cases, the administrator will be more than happy (so to speak…) to take care of it. However, should you have the need to accomplish that task programmatically, be ready to face a bad and a good news. The bad news is that you must necessarily resort to Win32 API calls and in particular to the SetNamedSecurityInfo API function from advapi32.dll. Neither version 1.0 of the Framework, nor Everett (v. 1.1) will provide a redesigned managed API for system security. In the end, either you write a managed wrapper for the API (sample code is available at http://www.gotdotnet.com/team/csharp/code/default.aspx) or resort an extremely handy tool that ships with the operating system: cacls.exe. The following command line shows how to configure data.config so that ASP.NET applications can write to it.

cacls.exe data.config /E /G: ASPNET:F

The /E switch indicates that you want to edit the security descriptor, not replace it. The /G switch indicates that you want to add a new user to the group with the specified privileges. If the specified user exists in the group, the existing account is modified. The F argument means that you want to give the ASPNET user full control over the file. This is exactly what ASP.NET applications need for a smooth setup. The best way to integrate this code with the setup is by defining a custom action on the Visual Studio .NET setup project and use that command line for it.

Share the Post:
Share on facebook
Share on twitter
Share on linkedin


The Latest

your company's audio

4 Areas of Your Company Where Your Audio Really Matters

Your company probably relies on audio more than you realize. Whether you’re creating a spoken text message to a colleague or giving a speech, you want your audio to shine. Otherwise, you could cause avoidable friction points and potentially hurt your brand reputation. For example, let’s say you create a

chrome os developer mode

How to Turn on Chrome OS Developer Mode

Google’s Chrome OS is a popular operating system that is widely used on Chromebooks and other devices. While it is designed to be simple and user-friendly, there are times when users may want to access additional features and functionality. One way to do this is by turning on Chrome OS

homes in the real estate industry

Exploring the Latest Tech Trends Impacting the Real Estate Industry

The real estate industry is changing thanks to the newest technological advancements. These new developments — from blockchain and AI to virtual reality and 3D printing — are poised to change how we buy and sell homes. Real estate brokers, buyers, sellers, wholesale real estate professionals, fix and flippers, and beyond may