C# UnauthorizedAccessException — What It Means & How to Fix It

What Does This Error Mean?

UnauthorizedAccessException means your program tried to access a file, folder, or system resource but was denied permission. This is a security boundary — the operating system blocked the access. It is not a bug in your code logic, it is a permissions problem. The fix is either to grant the correct permissions to your program, or to access a different location that your program is allowed to use.

Affected Models

.NET Framework
.NET Core
.NET 5+
ASP.NET
Windows Services
Console Apps

Common Causes

Trying to write to a read-only file or a folder where the current user has no write access
A Windows Service or ASP.NET app running as a low-privilege account trying to access a protected folder
Attempting to write to 'C:\Program Files\' or 'C:\Windows\' which requires administrator rights
Trying to open a file that another process has locked with exclusive access
Accessing a registry key or system resource that requires elevated privileges

How to Fix It

Check the error message for the path that was denied. Right-click that file or folder in Windows Explorer, choose Properties > Security, and see what permissions exist.

Look for your user account or the account your program runs as. If it is not listed, or only has 'Read' access, that is the problem.
If your program needs to write files, use an appropriate location. For user data, write to Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) instead of Program Files.

Each Windows folder has intended uses. AppData is for application data. ProgramData is for shared app data. Program Files is for installed executables — not for writing at runtime.
For ASP.NET or Windows Service applications, identify the account the app runs as (the Application Pool Identity in IIS, or the 'Log On As' account in Services). Grant that account write access to the needed folder.

In IIS, right-click the folder > Properties > Security > Edit > Add. Type 'IIS AppPool\YourAppPoolName' and grant Modify access.
Check if the file is marked as read-only. In Windows Explorer, right-click the file > Properties and uncheck the 'Read-only' attribute. In code, check File.GetAttributes() before writing.

Read-only files throw UnauthorizedAccessException when you try to write to or delete them, even as an administrator.
Wrap the file operation in a try-catch for UnauthorizedAccessException and give the user a clear, helpful message about the permissions problem.

A message like 'Cannot save file — please check that the destination folder is not read-only' is much more helpful than a raw crash.

When to Call a Professional

Permissions issues on servers or corporate machines may require an IT administrator. For ASP.NET applications on IIS, the application pool identity needs to be granted appropriate folder permissions. For Windows Services, the service account needs the correct access rights. Never run a service as a full administrator just to bypass permissions — that is a security risk.

Frequently Asked Questions

Should I just run my program as Administrator to fix this?

Only as a last resort, and with caution. Running as Administrator gives your program full system access, which is a significant security risk. A better approach is to move the files your program needs to access into a location it already has permission to use. For server apps, grant only the specific permissions needed — principle of least privilege.

Why does my program work fine on my PC but fail on the server?

Your PC likely has you logged in as an administrator or as the file owner. On a server, ASP.NET and Windows Services run as limited service accounts with restricted permissions. The folder your program needs may not grant access to that service account. Fix this by granting the service account the necessary permissions on the server — not by running as admin.

What is the safest place to write files from a C# application?

For files specific to one user: Environment.SpecialFolder.ApplicationData (AppData\Roaming) For files shared between users: Environment.SpecialFolder.CommonApplicationData (C:\ProgramData) For temporary files: Path.GetTempPath() Avoid writing to Program Files, the Windows folder, or the application install folder at runtime.