System.UnauthorizedAccessException: Access to the path 'C:\Inetpub\wwwroot\Spicee Webservice\App_Data\Employee.xml' is denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.Xml.XmlTextWriter..ctor(String filename, Encoding encoding)
at ResturantService.InsertDatabaseXML(String servername, String dbusername, String dbpassword, String dbname, String port)
I get the above error when i try to write a xml file. The code is working fine when i run it from VS2008.
I know this is something related to permission set for iis folder. But i don't want to do the permission setting manual because our plan is to distribute the application via website deployment package user will not have an idea to set the permission manually.
Also when i try to set permission to the folder using the below code for the iisuser.
Directory.CreateDirectory(sPathName);
DirectoryInfo info = new DirectoryInfo(sPathName);
DirectorySecurity security = info.GetAccessControl();
security.AddAccessRule(new FileSystemAccessRule(#"TAG1\IUSR_TAG1", FileSystemRights.FullControl, InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow));
security.AddAccessRule(new FileSystemAccessRule(#"TAG1\IUSR_TAG1", FileSystemRights.FullControl, InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
info.SetAccessControl(security);
i get this error.
System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
at System.Security.AccessControl.Win32.SetSecurityInfo(ResourceType type, String name, SafeHandle handle, SecurityInfos securityInformation, SecurityIdentifier owner, SecurityIdentifier group, GenericAcl sacl, GenericAcl dacl)
at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, SafeHandle handle, AccessControlSections includeSections, Object exceptionContext)
at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, AccessControlSections includeSections)
at System.Security.AccessControl.FileSystemSecurity.Persist(String fullPath)
at System.IO.Directory.SetAccessControl(String path, DirectorySecurity directorySecurity)
at System.IO.DirectoryInfo.SetAccessControl(DirectorySecurity directorySecurity)
at ResturantService.InsertDatabaseXML(String servername, String dbusername, String dbpassword, String dbname, String port)
Please help me in solving this issue.
Thanks in advance.
Well you need to change whatever you use to deploy your site to give write permissions to whatever account is being used to execute this code, or you need to put it somewhere else, or you need to set up an another account that can do this, so you don't hand out the permission to everyone and his dog.
It's no different to how a system works manually. If you log on as a low rights user, you can't just assign yourself higher permissions. You have to be authorised at a higher level in order to do that. It's like a UAC hit, or SUDO.
Related
We just upgraded to Sitecore 8.1 from 7.2. Search engine is Lucene and xDB disabled. The solution is hosted in ms azure cloud services Web Apps.
We noticed that the CMS CA is quiet slow. While looking at logs noticed a number of error logged below:
13876 2015:12:18 05:21:44 ERROR Could not compute value for ComputedIndexField: _content for indexable: sitecore://web/{2E25F9D3-BBBF-4160-BAE1-1EE4E701BD9B}?lang=en&ver=1
Exception: System.UnauthorizedAccessException
Message: Access to the path 'D:\App_Data\data\mediaIndexing\b3cd2fa1-9671-498f-9534-a94ad5a21923-Mypolicy.pdf' is denied.
Source: mscorlib
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.File.InternalDelete(String path, Boolean checkHost)
at System.IO.File.Delete(String path)
at Sitecore.ContentSearch.ComputedFields.MediaItemIFilterTextExtractor.ComputeFieldValue(IIndexable indexable)
at Sitecore.ContentSearch.ComputedFields.MediaItemContentExtractor.ComputeFieldValue(IIndexable indexable)
at Sitecore.ContentSearch.LuceneProvider.LuceneDocumentBuilder.AddComputedIndexFields()
Could someone please suggest why sitecore is looking for Web forms for marketing index which we don't need it?
Thanks
There is nothing about WFFM index in your error - it only says that it cannot compute value of the _content field for {2E25F9D3-BBBF-4160-BAE1-1EE4E701BD9B} item.
It even tells you the reason - cannot access path on the drive. You should check access rights for the D:\App_Data\data\mediaIndexing directory and make sure it can be access by you application user.
With Azure Web Apps you should have a full access in the file system to the webroot and its descendants. Ensure the MediaIndexingFolder setting is not set to absolute path and does not point to outside of the webroot where the application lives.
By default, if the MediaIndexingFolder setting is not specified, it points to the $(dataFolder)/mediaIndexing path, where the $(dataFolder) must point to the \App_Data under the webroot.
We recently had the same issue. Essentially, make sure that on an Azure WebApp the standard zzDataFolder.config file is used which contains:
<sc.variable name="dataFolder">
<patch:attribute name="value">D:\home\site\wwwroot\App_Data</patch:attribute>
</sc.variable>
Using the other config that is included (DataFolder.config, which sets it to "/data") or your own config file (pointing to anything other than the full drive path) will break the mediaIndexing folder path (even though all other parts of Sitecore which use App_Data like "diagnostics" or "MediaCache" work perfectly well with the "/data" setting).
I moved the files in my DNN Community Edition (5.6) to another disk with the same path. I adjusted the IIS server's home directory's local path to new location (from C: to D:).
When going to the home page the server fails, unable to find the portals associated with the website:
[NullReferenceException: Object reference not set to an instance of an object.]
DotNetNuke.Common.Initialize.CacheMappedDirectory() in D:\Inetpub\wwwroot\DotNetNuke_Community\DotNetNuke_Community_05.06.05_Source\Library\Common\Initialize.vb:59
DotNetNuke.Common.Initialize.InitializeApp(HttpApplication app) in D:\Inetpub\wwwroot\DotNetNuke_Community\DotNetNuke_Community_05.06.05_Source\Library\Common\Initialize.vb:149
DotNetNuke.Common.Initialize.Init(HttpApplication app) in D:\Inetpub\wwwroot\DotNetNuke_Community\DotNetNuke_Community_05.06.05_Source\Library\Common\Initialize.vb:228
DotNetNuke.Common.Global.Global_BeginRequest(Object sender, EventArgs e) in D:\Inetpub\wwwroot\DotNetNuke_Community\DotNetNuke_Community_05.06.05_Source\Website\App_Code\Global.asax.vb:135
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +148
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75
The web.config had no absolute paths in it. So, I've turned my attention to the database for setting the path for Portal 0, my only portal.
I've tried modifying the Home Directory entry in Table from Portals/0 to D:/Inetpub/wwwroot/DotNetNuke_Community/DotNetNuke_Community_05.06.05_Source/Website/Portals/0
without luck.
Your suggestions are appreciated.
The first thing I would check is to make sure you have the proper permissions configured on the new folder. You shouldn't need to change the HomeDirectory entry.
I use local storage on Windows Azure to store temporary files. In there I call an .exe file to make a conversion of several other files in same local storage folder. Problem is I always get the exception "Access to the path XYZ.exe is denied.".
I should mention the following:
- I am using a worker role
- set in the service definition file
and tried to add permission to the folder I am accessing:
public static void AddPermission(string absoluteFolderPath)
{
DirectoryInfo myDirectoryInfo = new DirectoryInfo(absoluteFolderPath);
DirectorySecurity myDirectorySecurity = myDirectoryInfo.GetAccessControl();
myDirectorySecurity.AddAccessRule(new FileSystemAccessRule(
"NETWORK SERVICE",
FileSystemRights.FullControl,
AccessControlType.Allow));
myDirectoryInfo.SetAccessControl(myDirectorySecurity);
}
UPDATE:
I tried with this code now:
public static void FixPermissions()
{
var tempDirectory = RoleEnvironment.GetLocalResource("localStorage").RootPath;
Helper.addPermission(tempDirectory);
var dir = new DirectoryInfo(tempDirectory);
foreach (var d in dir.GetDirectories())
Helper.addPermission(d.FullName);
}
private static void addPermission(string path)
{
FileSystemAccessRule everyoneFileSystemAccessRule = new FileSystemAccessRule("Everyone",
FileSystemRights.FullControl,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None, AccessControlType.Allow);
DirectoryInfo directoryInfo = new DirectoryInfo(path);
DirectorySecurity directorySecurity = directoryInfo.GetAccessControl();
directorySecurity.AddAccessRule(everyoneFileSystemAccessRule);
directoryInfo.SetAccessControl(directorySecurity);
}
I get a really strange behaviour of the page. I still get the errors but sometimes some files gets converted by the ffmpeg.exe file.
Can someone help me out here??
Thanks a lot.
SOLUTION:
So seems the problem was that I ran the .exe file within local storage and therefore had the given security issues. Putting the .exe into the application and referring directly solved my issue.
Thx for your help.
By default your worker role will most likely not be running with sufficient privilege to allow changes to the access control lists on Azure folders.
There's two possible options:
Best: run a script at startup to set the permissions. Details are on MSDN here: http://msdn.microsoft.com/en-us/library/gg456327.aspx. You'll want to set executionContext="elevated".
The best way to write the script itself is through Powershell. An example is here: http://weblogs.thinktecture.com/cweyer/2011/01/fixing-windows-azure-sdk-13-full-iis-diagnostics-and-tracing-bug-with-a-startup-task-a-grain-of-salt.html. Alternatively, write a console application to do the same thing.
Easiest, but much less secure: set the security in your OnStart method, and run your whole worker role elevated: in your service definition file include
<WebRole name="WebApplication2">
<Runtime executionContext="elevated" />
<Sites>
However, I'd really not recommend that as it's a terrible security hole for something that's running in the public cloud.
In my Sharepoint Application Page, I'm trying to copy a file from a Network Shared Folder.. And my code's like below..
try
{
File.Copy("\\MShare\Public\Test.txt", "C:\Temp\Test.txt", true);
LblMessage.Text = "File copied.";
}
catch (Exception ex)
{
LblMessage.Text = ex.ToString() + " - " + ex.Message;
}
It's working well if I test the same code in ASP.NET Website.. But I'm getting error as follow with SP Application Page..
System.UnauthorizedAccessException: Access to the path '\\MShare\Public\Test.txt' is denied. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean overwrite) at System.IO.File.Copy(String sourceFileName, String destFileName, Boolean overwrite) at TestApp.PullingFile.ButGet_Click(Object sender, EventArgs e) - Access to the path '\\MShare\Public\Test.txt' is denied.
I've tried implementing impersonation by following this post.. Not working..
And I tried by changing at web.config with <trust level="WSS_Medium" originUrl="" /> also..
By default SharePoint uses impersonating. Meaning your code runs under the credentials of the current user. This user has not (and should not have) access to the server's file system.
What you can do is revert to the system accounts credentials in order to access the file system:
SPSecurity.RunWithElevatedPrivileges(() =>
{
File.Copy("\\MShare\Public\Test.txt", "C:\Temp\Test.txt", true);
});
What you have to keep in mind:
The system account (application pool account) has not necessarily access to the file system (least privileges scenario). (SO question)
The system account (application pool account) has not necessarily access to the network share.
Any user accessing your application page can execute your file copy code. You have to care about authorization yourself.
Last but not least:
Why do you have to copy the file to the server's file system after all? Do you need it physically on the server or is this just temporary (as one could guess by the path).
Every time I connect to a repository the credentials are stored in the user's home folder under the .subversion directory (UNIX systems). Is there anyway not to do this, or at least specify another directory something like --config-dir option under the command line?
I made a little hack that is change temporarily the user.home java property, but this doesn't work on Windows.
Thanks in advance,
Rui
One of the createDefaultAuthenticationManager() implementations allows this.
It is a static method in org.tmatesoft.svn.core.wc.SVNWCUtil.
Here is the description from https://svnkit.com/javadoc/
public static ISVNAuthenticationManager createDefaultAuthenticationManager(java.io.File configDir, java.lang.String userName, java.lang.String password, boolean storeAuth)
Creates a default authentication manager that uses the provided configuration directory and user's credentials. The storeAuth parameter affects on using the auth storage.
Parameters:
configDir - a new location of the run-time configuration area
userName - a user's name
password - a user's password
storeAuth - if true then the auth storage is enabled, otherwise disabled
Returns:
a default implementation of the credentials and servers configuration driver interface
So, you could do something like.
...set up repository...
File configDir = new File("MyFolder");
ISVNAuthenticationManager auth;
auth = SVNWCUtil.createDefaultAuthenticationManager(
configDir, user, password, false );
repository.setAuthenticationManager(auth);