0

I'm developing a document repository using a .net core api project targeted for .net 7 and with minimal API. As a stopgap the uploaded files will be persisted as files to locally attached server filestore. Uploading files to the server as IFormFile works fine when I save them using the path returned from Path.GetTempPath() which is c:\users\[user]\AppData\Local\Temp but I can't create any folders under that path or use any other path. It throws "access denied" or "cannot find a part of the path" errors, so I'm assuming it's permissions.

I've tried using a share and a UNC path, I've tried running Visual Studio as Admin and I even tried setting full control for IUSR, IIS_IUSERS and NETWORK SERVICE on the folder I want. I understand the server run by Visual Studio is Kestrel and it will almost certainly be hosted on that in production. How can I give my app permission to write to locally attached filestore folders (I need to show compartmentalization) while I am developing it, I don't want to spend too much effort on access as the aim is to eventually store files in Blob storage, but one is not available right now.

Mustafa Özçetin
  • 1,893
  • 1
  • 14
  • 16
MisterA
  • 43
  • 6
  • Why not simply save your files to your output folder? You can also try to save on the root of a drive like C: or D: I never had issues with that. – madmax Jul 26 '23 at 16:21

2 Answers2

0

Don't give access to IUSR/IIS_IUSR on any folder, always use the app pool identity for better security. Please read this for more information on app pool identities.

What you could do is have a temporary folder outside of the wwwroot folder, it any. This way it's inaccessible from the browser. Please be careful, however, storing uploaded files locally can bring tremendous harm to your system if anyone uploads a virus. Also, set your permission accordingly.

EddieDemon
  • 184
  • 11
  • Thanks, I saw the posts on app pool identity, which I am familiar with when using actual IIS but I have no idea how to do this with kestrel running under Visual Studio. I'm not trying to use the wwwroot folder, I am trying to use a temporary folder - in c:\temp\ repository as it happens, but anywhere would do. All the places I have tried I can't create sub-folders or write anywhere. – MisterA Jul 27 '23 at 09:08
  • Then it's completely a security thing. Under the properties of that folder, go to security > advanced > tab 'effective access' and test the rights that user has. Note that the app pool user resides in the "iis apppool" domain e.g. "iis apppool\defaultapppool" – EddieDemon Jul 27 '23 at 12:12
  • Useful information but IIS doesn't figure in this at all, I don't even have it installed on the Win 10 machine I'm developing in , it's a standalone laptop. I at first thought VS was running the web app in IISExpress but it's not, it's Kestrel, about which I know nothing. In any case, see my answer, the problem has mysteriously gone away, it may have been an issue with fetching a path from SQL but I was stepping through the code and checking the paths it couldn't find, however I expect the \ and \\ issue was to blame. Thanks for your efforts to help. – MisterA Jul 27 '23 at 12:55
0

It seems I can now write to filestore today, no idea why I was receiving messages before, possibly a path error on my part. From what I can find on Kestrel it runs under the logged in user and I should have had full control over the folders and files. A "cannot find part of path" I could put down to a mistake in a path but I also had an unauthorised message when trying to write a file.

MisterA
  • 43
  • 6