I've been strugling in the past few days with an Asp.Net MVC website which has to use the Google Apis (Calendar)
It works just fine in ASP.Net Developement Server, or IISExpress, but it just won't work on IIS 7.5.
Here's the basic authentication code :
private async Task Run()
{
UserCredential credential = GoogleWebAuthorizationBroker.AuthorizeAsync(new ClientSecrets
{
ClientId = "xxxxxxx",
ClientSecret = "xxxxx",
},
new[] { CalendarService.Scope.Calendar },
"xxx#gmail.com",
CancellationToken.None).Result;
and on IIS I always get this :
[UnauthorizedAccessException: L'accès au chemin d'accès 'Google.Apis.Auth' est refusé.]
Microsoft.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +185
Microsoft.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccess(Task task) +114
Google.Apis.Auth.OAuth2.<AuthorizeAsync>d__1.MoveNext() in c:\code\google.com\google-api-dotnet-client\default\Tools\Google.Apis.Release\bin\Debug\output\default\Src\GoogleApis.Auth.DotNet4\OAuth2\GoogleWebAuthorizationBroker.cs:54
(The exception text means "Access to the path 'Google.Apis.Auth' is denied)
I had the problem with the previous version API version, upgraded to the 1.8.1.31688 version but the error remains...
My app pool runs under Network Service identity, I gave it full-control access to my website folder (I even gave "Everyone" full control, just in case...) but same result.
Same symptom on my dev computer (which can be overriden using IISExpress) and the prod server, which is more "annoying"...
Thanks for any help you may bring to me !
Is IIS running under Partial Trust? It could also possibly be trying to write to the system or ASP.NET temporary directory and failing.
There is an additional parameter you can add after the cancellation token for a FileDataStore. This tells where the token should be stored. the default location is on your system in the AppData folder in your C:\ drive. Update your parameter to look like this:
...
"xxx#gmail.com",
CancellationToken.None,
New FileDataStore("XXX")).Result
;
Where "XXX" is the full path on your local machine where you want it to be stored. In C#, you can use Server.MapPath to get to the root of your website, and then put the location where the token should be stored.
** NOTE: while I know this parameter is here, I STILL get this error. I added a folder to the root of my website and granted full permissions to EVERYONE but still get this error. Let me know if you are able to get around this.
Related
I have a function that generates a PDF from a HTML page like this:
HtmlToPdf converter = new HtmlToPdf();
PdfDocument doc = converter.ConvertUrl(url);
var PdfArray = doc.Save();
doc.Close();
This works perfectly when I run it in VS 2017, However when I deploy to IIS it throws the following exception: "Conversion failure error 5."
According to my Googling this is related to the IIS not having the correct access to write. However I have as an attempt given that application access to every operation.
All suggestions would be greatly appreciated.
From the troubleshooting page on SelectPdf website:
https://selectpdf.com/docs/Troubleshooting.htm#item3
The error code is this:
ERROR_ACCESS_DENIED
5 (0x5)
Access is denied.
Enable execute permissions on Select.Html.dep.
You need to go to the bin folder of your deployment to IIS and set execute permissions for the Select.Html.dep file. If you do not know the app pool user, in the first place, just set permissions for Everyone to see if it works.
We just upgraded to Sitecore 8.1 from 7.2. Search engine is Lucene and xDB disabled. The solution is hosted in ms azure cloud services Web Apps.
We noticed that the CMS CA is quiet slow. While looking at logs noticed a number of error logged below:
13876 2015:12:18 05:21:44 ERROR Could not compute value for ComputedIndexField: _content for indexable: sitecore://web/{2E25F9D3-BBBF-4160-BAE1-1EE4E701BD9B}?lang=en&ver=1
Exception: System.UnauthorizedAccessException
Message: Access to the path 'D:\App_Data\data\mediaIndexing\b3cd2fa1-9671-498f-9534-a94ad5a21923-Mypolicy.pdf' is denied.
Source: mscorlib
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.File.InternalDelete(String path, Boolean checkHost)
at System.IO.File.Delete(String path)
at Sitecore.ContentSearch.ComputedFields.MediaItemIFilterTextExtractor.ComputeFieldValue(IIndexable indexable)
at Sitecore.ContentSearch.ComputedFields.MediaItemContentExtractor.ComputeFieldValue(IIndexable indexable)
at Sitecore.ContentSearch.LuceneProvider.LuceneDocumentBuilder.AddComputedIndexFields()
Could someone please suggest why sitecore is looking for Web forms for marketing index which we don't need it?
Thanks
There is nothing about WFFM index in your error - it only says that it cannot compute value of the _content field for {2E25F9D3-BBBF-4160-BAE1-1EE4E701BD9B} item.
It even tells you the reason - cannot access path on the drive. You should check access rights for the D:\App_Data\data\mediaIndexing directory and make sure it can be access by you application user.
With Azure Web Apps you should have a full access in the file system to the webroot and its descendants. Ensure the MediaIndexingFolder setting is not set to absolute path and does not point to outside of the webroot where the application lives.
By default, if the MediaIndexingFolder setting is not specified, it points to the $(dataFolder)/mediaIndexing path, where the $(dataFolder) must point to the \App_Data under the webroot.
We recently had the same issue. Essentially, make sure that on an Azure WebApp the standard zzDataFolder.config file is used which contains:
<sc.variable name="dataFolder">
<patch:attribute name="value">D:\home\site\wwwroot\App_Data</patch:attribute>
</sc.variable>
Using the other config that is included (DataFolder.config, which sets it to "/data") or your own config file (pointing to anything other than the full drive path) will break the mediaIndexing folder path (even though all other parts of Sitecore which use App_Data like "diagnostics" or "MediaCache" work perfectly well with the "/data" setting).
I have a problem I hope someone might help me with.
I've created a custom action page where I among other things will scan a directory on a remote server for a set of directories, and inside those directories I am searching for a set of files.
However, when I execute the code on the production server I get an Access denied exception.
If I use the same code on my testserver (accessing the same remote server) it works just fine.
If I use powershell or explorer on the production server I can access the remote directory and files with no problems.
I am using the same account in all scenarios (if I print out Page.User.Identity.Name and SPContext.Current.Web.CurrentUser.LoginName they are the same and equal to the account I use on the test server and the one I am logged on with on the production server when accessing the remote server from command line or explorer).
The code looks like this:
string user = SPContext.Current.Web.CurrentUser.LoginName.Remove(0,7);
string user_path = "\\\\srv\\share1\\subdir\\dir\\" + user;
// The line below will raise an exception on the production server.
foreach (string board_path in Directory.GetDirectories(user_path, "Board*")) {
foreach (string board_file in Directory.GetFiles(board_path, "Board*.xml")) {
.
.
}
}
I cant figure out why the code runs on the testserver but not on the production machine. I am using SharePoint 2010 Standard.
Thanks in advance for any kind of help I can get.
/Fredrik
The problem was solved by using SPSecurity.RunWithElevatedPrivileges()!
/Fredrik
I have a need to write a .NET application which will query Active Directory while running in Windows PE on a computer which is not yet a member of the domain.
We are running this during a Microsoft Deployment Toolkit task sequence (note that MDT 2012 has been configured to load support for .NET into the WinPE environment - the .NET application is starting without any problems).
I am using the code below to bind to the domain:
DirectoryEntry entry = new DirectoryEntry(
path,
username,
password,
AuthenticationTypes.ServerBind | AuthenticationTypes.Secure);
I have tried a path both of the form:
LDAP://domainServer/dc=domain,dc=name
And also without a domain controller name as
LDAP://dc=domain,dc=name
I have also tried using a username both of the form domain\username and also just username.
The DirectoryEntry object seems to be constructed okay, but when I try to execute Console.Writeline(entry.Name) to confirm a valid connection has been made, I get the following exception:
System.Runtime.InteropServices.COMException (0x80005000): Unknown
error (0x80005000) at
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind() at
System.DirectoryServices.DirectoryEntry.get_Name()
I have tried other variations on this code, trying to execute LDAP queries with various filters, trying to rewrite it in VBScript, etc... but the code posted above is the simplest example I could come up with which reproduces the problem.
From what I have read, in a scenario like this you would always need to use AuthenticationTypes.ServerBind and that is why I am trying to specify the code within the ADSI LDAP path. But what is wrong with the code above? To me, it looks like it is passing all needed information in the parameters to the DirectoryEntry constructor.
There is a way to get it work, but it's not supported by Microsoft. This post helped me a lot. It works, tested and approved for a deployment of new computers :)
Get the ADSIxXX.inf from the zip file to C:\ADSI
Copy the following files from a Windows/System32 to C:\ADSI. Carefull of Architecture
x86 x64 -
adsldp.dll
adsmsext.dll
adsnt.dll
mscoree.dll
mscorier.dll
mscories.dll
Mount the bootimage.wim
No need to load Package (Your WinPE is already configured to load .NET API), juste add ADSI driver:
Dism /Image:C:\Mount /Add-Driver /Driver:C:\ADSI\ADSIxXX.inf /forceunsigned
No need to load his script
Unmount the bootimage.wim
Then it's done, if your .NET application is well implement ;)
I'm not sur the PIPE | is supported as an argument too, just set to AuthenticationTypes.Secure -
DirectoryEntry entry = new DirectoryEntry(
path,
username,
password,
AuthenticationTypes.ServerBind | AuthenticationTypes.Secure);
Link: http://www.deploymentresearch.com/Research/tabid/62/EntryId/74/ADSI-plugin-for-WinPE-4-0.aspx#AddComment
I want my MVC3 web application to access %APPDATA% (e.g. C:\Users\MyUsername\AppData\Roaming on Windows 7) because I store configuration files there. Therefore I created an application pool in IIS with the identity of the user "MyUsername", created that user's profile by logging in with the account, and turned on the option "Load User Profile" (was true by default anyway). Impersonation is turned off.
Now I have the problem that %APPDATA% (in C#):
appdataDir = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData)
resolves to c:\windows\system32\inetsrv instead of C:\Users\MyUsername\AppData\Roaming.
UPDATE: More exactly, the above C# code returns an empty string, so that Path.GetFullPath(Path.Combine(appdataDir, "MyAppName")) prepends the current path to my application name, resulting in c:\windows\system32\inetsrv\MyAppName.
I know I made this work before with the same web application on a Windows Server 2008 R2, and now I'm getting this problem with the same major version 7.5 of IIS on my Windows 7.
I used the same procedure as before: Created a new user, logged in as that user to create the profile and APPDATA directories, then added the application pool with this identity and finally added the web application to this pool.
Any ideas?
Open your %WINDIR%\System32\inetsrv\config\applicationHost.config and look for <applicationPoolDefaults>. Under <processModel>, make sure you don't have setProfileEnvironment="false". If you do, set it to true.
Application Pools - Your application Pool - Advanced settings ...
Process Model - Load user Profile set True.
It Helps me.
Taken from
https://blogs.msdn.microsoft.com/vijaysk/2009/03/08/iis-7-tip-3-you-can-now-load-the-user-profile-of-the-application-pool-identity/
I experienced the same problem recently. As mentioned by Amit, the problem is that the user profile isn't loaded. The setting is for all application pools, and is in the applicationHost.config (typically C:\Windows\System32\inetsrv\config\applicationHost.config). If you update the applicationPoolDefaults elements as follows, it will work;
<applicationPoolDefaults managedRuntimeVersion="v4.0">
<processModel identityType="ApplicationPoolIdentity" loadUserProfile="true" setProfileEnvironment="true" />
</applicationPoolDefaults>
We've tried this with IIS 7.5, and taken it through to production without problem.
You can automate this if you want;
appcmd set config -section:system.applicationHost/applicationPools /applicationPoolDefaults.processModel.setProfileEnvironment:"true" /commit:apphost
or if you prefer powershell
Set-WebConfigurationProperty "/system.applicationHost/applicationPools/applicationPoolDefaults/processModel" -PSPath IIS:\ -Name "setProfileEnvironment" -Value "true"
Hope this helps
I am experiencing the same problem. Have you by chance installed the Visual Studio 11 beta? I did recently, and I've noticed a couple of differences in how the 4.0 compatible .dlls for that work with our code. I'm still trying to track down the problem for certain, but I didn't have this problem before that.
Edit:
After comparing the decompiled sources from 4.0 and 4.5 for GetFolderPath (and related), there are differences. Whether they are the source of the problem...I'm not sure yet.
Edit 2: Here are the relevant changes. I'm working on trying both to see if I get different results. [code removed]
Edit 3:
I've now tried calling SHGetFolderPath directly, which is what the .NET Framework ends up doing, anyway. It returns E_ACCESSDENIED (-2147024891 / 0x80070005). I don't know what has changed where I'm getting that in some specific cases, but not in others.
Edit 4:
Since you're getting a empty string, you may want to switch your code to use SHGetFolderPath so you can get the HResult and at least know what exactly is happening.
void Main() {
Console.WriteLine( GetFolderPath( Environment.SpecialFolder.ApplicationData ) );
}
[System.Runtime.InteropServices.DllImport("shell32.dll")]
static extern int SHGetFolderPath(IntPtr hwndOwner, int nFolder, IntPtr hToken, uint dwFlags, StringBuilder pszPath);
private string GetFolderPath( Environment.SpecialFolder folder ) {
var path = new StringBuilder( 260 );
var hresult = SHGetFolderPath( IntPtr.Zero, (int) folder, IntPtr.Zero, 0, path );
Console.WriteLine( hresult.ToString( "X" ) );
return ( (object) path ).ToString( );
}
The problem is with your IIS settings. The answer is here: Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) returns String.Empty