All of a sudden started getting error.
Bad Request. User message: "You cannot share this item because it has been flagged as inappropriate."] Location[ - ] Reason[abusiveContentRestriction] Domain[global]
Uploading a file and then sharing the file permission through Service Account, the following Google Drive Permission API for sharing the file access to the email id.
https://developers.google.com/drive/api/v3/reference/permissions/create
role: writer
type: user
emailAddress: someone#companydomain.com
This is happening for all the files, irrespective of the file content, so nothing wrong with the content. And same content works well with different service account which is in used for pre-production setup.
We've checked the available online resources, but that was not helping us.
This is an issue with the file itself and not related to the api
if your file was flagged you can go to the drive web application and request that the file be reviewed again review
if the file is uploaded to the server account drive account I don't think you can request a review.
It appears that the user may be a workspace domain user. If the file was uploaded to the shard domain was domain wide delegation properly configured on the service account? I also wonder what type of file this is.
Related
I am implementing a .NET Core (3.1) web api that reads files from a network drive, does string manipulations in them, and writes them out in a different folder (within the same network drive).
The goal is to trigger that process through an HTTP request.
To achieve that, I created my web api project, deployed to IIS 10 (win10), and the web application runs perfectly.
However, I always run into permissions issues when trying to access the network drive:
System.UnauthorizedAccessException: Access to the path '\\my\network\drive' is denied.
at System.IO.FileSystem.CreateDirectory(String fullPath, Byte[] securityDescriptor)
at System.IO.Directory.CreateDirectory(String path)
...
I have tried using all different identities under Application Pool -> Advances Settings -> Identity, and nothing worked.
What I hear from my company's infrastructure team, authorization to this network drive are granted at the user level, so it would not be possible to just give permissions to my web server's machine account to access the drive (apologies if I am not using proper terminology here - not a networking guy).
I have been trying to sort this out for a couple of days now, without any luck. Any help would be very appreciated.
TL;DR:
I have a .NET Core web app that receives an HTTP request, and when it does, it is supposed to read and write files that exist in a network drive. However, System.UnauthorizedAccessException is thrown, preventing my application from accessing the network drive and its contents.
UPDATE:
Not sure if this makes sense, but what I am thinking is, I cannot allow access to my network drive to group IIS_IUSRS (the group for application pool users), because it is a local group in the machine that hosts my application. That being the case, maybe what I need is to configure that application pool to run as a specific domain user that has read/write permissions in my network drive. Is this even possible? If so, how can I accomplish this?
This is because your drive has set access permissions and the application cannot access it.
Right click on your drive directory, then click "Properties":
Click "Edit":
I recommend giving all "Group or user names" full control permissions:
I have an MVC web application that is supposed to allow users to download files that are stored as UNC paths in a database. These files can be in any number of locations on remote servers/shares.
E.g. Server 1 hosts the web application that is used to download a file stored on Server 2
I do not want to give permissions to these folders to the hosting service account, as the security should be dependent on what the user has access to. Therefore, I'm attempting to use Impersonation to retrieve the file.
When I debug on my local machine, everything works great. It impersonates my user and downloads the file.
When I deploy to my test server, I'm getting the following error:
Access to the path '\\Server2\SharedFolder\somefile.txt' is denied
I've tried various pieces from this Microsoft link, but am not having much luck.
Scenarios I've tried:
Just giving the permission to the service account of the AppPool works fine, but as I said, isn't ideal
Implementing the Impersonate a Specific User in Code from the above article, which works perfectly with a hard-coded user and password. This situation is also not ideal.
Implementing the Impersonate the Authenticating User in Code from the above article. This seems to be exactly what I need, but this is what generates the Access Denied error.
The Code that I want to work:
System.Security.Principal.WindowsImpersonationContext impersonationContext;
impersonationContext =
((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
//Code to read all bytes from the file path
impersonationContext.Undo();
I have logging, and System.Security.Principal.WindowsIdentity.GetCurrent().Name after the impersonation does return the intended user (my account instead of the service account), so it does appear to be working.
I thought maybe it was a double-hop thing, so I have also added SPNs for the server and the service account, making sure their Delegation in AD was set to allow for any service. That hasn't helped either.
This question seems to have the exact same problem as me, but there's no follow-up on what the final solution was. I did try the Process Monitor part, but it didn't help at all.
I'm at a loss to why Impersonation seems to be working, but I'm denied access to a file on a second server.
Update 1
I've played around more with my IIS settings and trying to get Kerberos properly set up. The only thing enabled in my IIS Authentication is "Windows Authentication".
When I spit out details after my Impersonate() call, I'm finding that ImpersonationLevel = Impersonation
Is that how it should be, or should that be returning Delegation ?
It would seem the issue was mostly due to my setup with Kerberos and SPNs. I undid all my settings and re-registered my service account, and the Impersonation ended up working properly.
The issue now is that it only seems to work with Internet Explorer. Chrome and MobileIron are doing something different that prevents the ImpersonationLevel of Delegation. That's a whole other question...
I just wanted to see folders and files under root directory when i set ‘root’ in parents in Q, but I can see only one file titled “Get started” pdf file. (I used C# code)
Where are my folders?
But I can see folders when I search by name (ex. name=’Folder1′) in the code.
Also I can see the folder output when I use Api test called “Try this API” which is on API help website (https://developers.google.com/drive/v3/reference/files/list).
So only C# code does not show folders?
Can you please tell me why it shows only files, not folders?
FYI: I authenticated using service account and used Google Drive v3 SDK.
If the only file you are seeing is “Get started” pdf file that is a sure sign that you are using a service account for authentication.
Service accounts are not you. Think of it as a dummy user it has its own google drive account which by default has no files.
Options:
Upload files to the service account using the files.create method
Share a folder on your personal google drive account with the service account. You do this by taking the service account email address and sharing a folder with it. Note: to my knowledge you cant share your personal root folder with anyone.
Tip: If you are allowing the service account to upload files to your personal google drive account remember to have it grant your personal user permissions to access the files using permissions.create method or you are going to have files on your drive account that you dont have permissions to access.
I don't know whether this question is answered or not, so I am replying. I was facing the issue when I was using name='root'. It was returning me the list of files and folders but some were missing.
I found somewhere and modified the 'Q' string with the following and it is now showing me the right information.
('root' in parents)
I'm building a web part for our SharePoint that needs to read file and folder names from a network share. However, I get an access denied error when I try to use
Directory.GetDirectories(path);
I've done some research on how to fix this, the general consensus is to either use RunWithElevatedPrivileges or impersonate the current logged in user. Unfortunately everything I've tried has failed. I have tried all of the following to no avail:
Impersonating the user and here
Setting the ASP.NET app pool to classic mode (Breaks all of sharepoint)
Changing the trust level for SharePoint to full (Doesn't seem to affect anything)
Giving the Network Service permission to the network share
Making a symbolic link on the SharePoint machine that points to the network share
Any suggestions on what to do? I'm at the end of my rope.
I'm Referring to this link as I have to write file from one server to another I'm trying to create a custom domain account on Windows server.
I have done all as told in the link however when I browse the site I get the following error:
I was refferring the following link for the error.
However no success yet
I get this error when I authorise my network service for the application pool
Access to the path '\\servername\c$\fromvini\abc.text is denied.'
To been able to read the file on the remote computer you have two ways.
First way - both computers have the same account.
Both computers must have the same user name / and password
On the IIS server that runs the site, you place that account to run the pool of that site, do not make this account as service account, but you need to correct setup the site directory to be able to run.
On the remote server you let and the share connection to be able to seen by this account, but also you change the credential of the directory and the files to have permission for that account.
Second way - open the file with different login than the pool
The site is run under what ever pool use, maybe service account, we do not care.
Setup on the second server the user name / password that you going to use on the first one.
You open the share of the files, and change the file permissions for that acount.
You use the Impersonate to run under the other user the File access.
for example:
using ( new Impersonator( "myUsername", "myDomainname", "myPassword" ) )
{
//... read the file
}
and one full example: http://forums.asp.net/t/1840443.aspx/1?How+to+copy+file+from+network+share+in+VB