Server Bug Fix: Access to the path ‘\Core-01MediaTemp’ is denied – aspnet user needed

Original Source Link

Windows 2016 | IIS10 | IIS Server Farm

For starters.
I just now moved all sites from the backup server to the Web Forest.
And the one site I am having the titled issue with luckily is not a part of the site where people can see it—just me.

I had run into this issue before a few months ago and was able to resolve it without to much fuss.
However, there seems to be an issue now.

ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request
identity. ASP.NET has a base process identity (typically
{MACHINE}ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and
the configured application pool identity on IIS 7.5) that is used if
the application is not impersonating. If the application is
impersonating via , the identity will be
the anonymous user (typically IUSR_MACHINENAME) or the authenticated
request user.

Users added to [Security] tab permissions

IUSR NETWORK SERVICE [email protected]
(Custom pool identity)
Administrators (Default)

(ASPNET User is NOT available, and I have no idea on how to enable this user)

To grant ASP.NET access to a file, right-click the file in File Explorer,
choose “Properties” and select the Security tab.
Click “Add”
to add the appropriate user or group.
Highlight the ASP.NET account,
and check the boxes for the desired access.

The issue now is, I DO NOT have the ASPNET user as an option to chose from, and this used to be an option a few months back.
So, what happened to it?

UPDATE
I followed the instructions on this site here.
ASPNET User Identity Model
I could not get the aspnet_regiis -I to work with any other version of asp.net on the server.
So, I had to use the one which is used on the page.
After installing asp.net 3.0 (Which comes with 2.0)
And then running the aspnet_regiis -I
I rebooted the server.
Still, the ASPNET user does not show.

So, I am at a loss, people.
It used to be here, as I was using the user before in the 2016 server.
So, what happened to it?
Clearly, it is needed for this site, since the Network Service does not do it.

Any ideas on this would be great.
Wayne

You asked a very good question with exact error messages, so it is clear what issue you met. So we go through the whole process.

An ASP.NET application (likely .NET 2.x/3.x) gave you an error message

ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request
identity. ASP.NET has a base process identity (typically
{MACHINE}ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and
the configured application pool identity on IIS 7.5) that is used if
the application is not impersonating. If the application is
impersonating via , the identity will be the anonymous user (typically
IUSR_MACHINENAME) or the authenticated request user.

which should be very clear if the web app runs on IIS 5.x/6.0/7.0. However, time flies so people can be surprised to see that accounts like IUSR_MACHINENAME or {MACHINE}ASPNET are gone, and Network Service is not the base process identity any more (IIS 7.5+).

Thus, the only correct hint is “the configured application pool identity on IIS 7.5”, which like I commented above is the custom domain account you used for this web application.

To summarize the issue again, ASP.NET web app running under a custom domain account cannot access a remote file share, and reports an error.

With this in mind, the rest is rather simple for you, to locate whether the right permissions are set. Even though on your servers actually another problem (failed shared configuration) prevents the things from working, you can easily resolve it.

So, keep up the good work on your side to always focus on the exact symptoms and ask the right questions.

Tagged : / /

Leave a Reply

Your email address will not be published. Required fields are marked *