I have developed one web application in c#(asp.net) and hosted in a server(say Server1). The application want the read and write access to a folder located in another server(network path) say server2. I can open the folder from server1 in windows explorer by typing the network path. But in application no access error is occurring(System.Unauthorisedexception). I dont know what access to which user I want to provide? Please help me.
Run your web application under an account that can access the folder on server2. Change the Identity of the Application Pool; more details at https://technet.microsoft.com/en-us/library/cc771170(v=ws.10).aspx.
Related
I have a specific function that utilizes IronPython and inside the python code it is accessing the current directory and creating a temporary file. When it later tries to access that file based off the relative directory path it cant get it and I receive an error back from IronPython that states
"Access to the path 'D:\Windows\system32\file is denied" ('file' being the unique temp file created). This all works when I run VS locally as a administrator. If i'm running it locally not as a administrator I receive the same error. When I publish the application to a app service on Azure it gives me the access denied error.
Thank you very much ahead of time and let me know if you have any additional questions.
D:\Windows\system32\file is denied
It is as designed on the Azure WebApp. Azure Web Apps (as well as Mobile App/Services, WebJobs and Functions) run in a sandbox. Applications are highly restricted. If we want to get more info about WebApp, please refer to Azure Web App sandbox.
Home directory access (d:\home)
Every Azure Web App has a home directory stored/backed by Azure Storage. This network share is where applications store their content. This directory is available for the sandbox with read/write access.
As a convenience for our customers, the sandbox implements a dynamic symbolic link in kernel mode which maps d:\home to the customer home directory. This is done to remove the need of the customer to keep referencing their own network share path when accessing the site. No matter where the site runs, or how many sites run on a VM, each can access their home directory using d:\home.
Local directory access (d:\local)
Every Azure Web App has a local directory which is temporary and is deleted when the run is no longer running on the VM. This directory is a place to store temporary data for the application. The sandbox implements a dynamic symbolic link which maps d:\local to point to this directory. The application naturally has read/write access to this directory.
Note that the d:\local folder in the scm site (where Kudu runs) is not the same as the one in the main site (where the web app runs). As a result, they cannot see each other's local files.
I wouldn't write stuff to C:\Windows\system32 as those are operating system files. I would feel more comfortable writing to the local temp directory for whatever user you are running the program as:
%USERPROFILE%\AppData\Local\Temp
I recently hosted a MVC application on machine and in solution I have a folder UploadedDocuments which i wants to secure. Actually when i browse URL like www.xyz.com/UploadedDocument it lists all the file even i didn't login to website
Note: Using Microsoft Interop for PDF conversion of docs in this directory.
wants to restrict the users who can browse folder but if a url with file name in folder and a user on website that is loggedin can access only with specified url
like www.xyz.com/UploadedDocument/abc.docx(except www.xyz.com/UploadedDocument)
thanks in advance!
In IIS, ensure that directory browsing is disabled.
On the file system, remove read access for any "normal" user accounts or groups, and have only the app pool account that IIS is running under with modify access to the folder (ie the "iis apppool\[MyApplication]" account).
You say you're using Microsoft interop for conversion. Is the conversion happening within the MVC application, or do you have another application / service performing the conversion? If the latter, also ensure that whatever account is running the other application / service has access to modify the folder.
I have built an intranet web-application that is only used inside the company - so security issues do not matter . where we have a link in a web-application that should access a local directory on the local filesystem. When we pass parameter link a windows explorer instance should open with given a directory open.Is there anything i need to do with IIS?
System.Diagnostics.Process.Start("explorer.exe",#"c:\teste");
If you do that you'll be trying to spawn an explorer process on the server hosting the web application.
Do you just want to link to a path on the users local machine or at a network location?
Link to a file share through an anchor tag
Lets say we have photographers who use one computer in a department. They take pictures of an event then upload and organize pictures in an application. That application by default takes someone's shared location and copies pictures to that share.
On a web server there is a share we point it to. We want to make it so ONLY that application can access that share, and only THAT web application (of course, anyone with admin login to the physical server can).
Also make it so that any web browser can display the image (I believe Firefox can't take a file location of \\server\share)
Logically it would look like this:
Photographer uses an application on a public computer
Application copies images to share
Web application uses images (cross browser)
No user from public computer can access those images EDIT: the displaying on the webpage is not the problem, its how I store files in the webroot securely, so that my app can SHOW the images that are located within a shared location in a webroot. Allowing only the application on a terminal computer to access that share and NOT the user running the application from that computer. I.e. a person cant just run a command and download the entire directory contents from wherever he wants.
Wait, what? You want to show the users some pictures in a browser, but don't allow them to download them? That's impossible.
Simply configure your share's permissions (ie right click on it) to be limited to a certain windows user. Run your application under that windows user so it will have access to that share. Done!
Create a service account and run/impersonate your web and desktop applications with the
service account
Share the pictures (located on the shared drive) for the service account so that no other
user can access
I've the following issue
I've a windows application
It calls a remote web service (for authentication)
It in turns call a web service (in the same remote machine) (to get a licensed file)
It saves the licensed file in All Users/Application Data in the system where the application is running
Which permission is used for saving the file in the Application Data folder? Either the web service's or the currently logged windows user's?
Update #1
So, i'm not able to save the license as the web service call is throwing a save error. How can i check the permissions of the folder?
Here is the code for creating my folder
licensePath = System.IO.Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData), "MyApp");
if (!Directory.Exists(licensePath))
Directory.CreateDirectory(licensePath);
Update #2
If i try to save it in the application's path itself (in bin/debug while debugging the application), it is working fine. Any ideas? I've tried just "C:\test" too. It's not working.
Thank you.
Regards
NLV
It will save the file with the permissions of the user that is running the windows application (which can be different from the logged in user - see RunAs).
The permission the windows application is running in.