To begin with, I developed a web application which reads an XML file from specific location and displays the contents on editable web page of the application,which is executed perfectly when the XML file is on the same machine/computer. When I try to read the same file on different computer on the network I cannot read the contents onto my web page.
My Observation:
When I access that file from run window in the computer by entering \xxx.xxx.xx.xx\c$ it gives me the window to connect to the machine asking for credentials and I guess the session is open. So I close the window and when I access the xml file from the web application it's able to read the content.
Is there a way to bypass this authentication mechanism which is part of windows when I use my web app to read the XML file or is there a way to accommodate the extra step to configure the authentication in my application?
I would be glad if someone can guide me to the solution.
Check the user your web application is running under and if this user is also permitted to access this location.
If you are using IIS to host the page you have to check the "AppPool" user and also the users which are used at the "Web Site" and "Application"
Just change IIS application pool user to "enough rights" user (right click current app pool - advanced settings - identity) or specify impersonation in the same name section in web.config.
Could it be possible to change your logic,
By storing file from different network to local machine where your code is running, through uploading file and process it.
Related
I'm trying to get my MVC app to write a simple text file to another server using System.IO.File.WriteAllText. (A separate process is looking in that folder for text files to grab.) It works fine when debugging on my local machine, but when deployed to IIS on a test server, I always get this error when trying to write the file:
Access to the path '\\server\C$\folder\subfolder\file.txt' is denied.
The answer to at least half a dozen similar questions here on SO was to give the application pool identity account access to that folder. However, the app pool on IIS was already running under a service account that had full permissions to the desired folder but was still getting the error. I even tried changing the app pool to my own account (the one used successfully in debugging) and still get the error.
Anonymous access is turned off, and Windows Authentication is turned on (part of the file.txt is info from the user's AD account). I have tried accessing the app with several AD accounts, both with and without access to \\server\C$\folder\subfolder\ but they all give the same error.
I don't see how the app can be running under an authorized account, and the user can be logged in to the app with an authorized account, but still get the access denied error. Is there any way to get more info about specifically what access is denied or which account is actually being denied? Anything else I'm missing here??
You need to check whether other processes already have the file open, e.g, "A separate process is looking in that folder for text files to grab" - perhaps this separate process already has the file open and is therefore locking out your IIS process? Use Process Monitor (https://learn.microsoft.com/en-us/sysinternals/downloads/procmon) to monitor activity on the file.
Also you give the file location as '\server\C$\folder\subfolder\file.txt'. UNC paths normally begin with a '\\', e.g., '\\server\C$\folder\subfolder\file.txt'. That may just be an artefact of StackOverflow escaping the double slash to a single slash.
As a simple test, can you use notepad with your own account to open the file in the error message and write to the file? What if you use the application pool identity account?
Edit: You run Process Monitor on the server that has the file location. Add a Path filter like this:
Path excludes file.txt then Exclude
Where file.txt is the file name (without the directory) of the file you are monitoring. This filter will only capture events for that file and will exclude everything else. Once an event occurs, right click it, and go to Properties, Process to see the User initiating the event.
First of all, you can try to give write rights to IUSR user on your folder in which you want to write your text file.
There is a way to imitate an user in your asp.net application by using Impersonate tag in your web.config file but I think this can be dangerous.
<identity impersonate="true" userName="nomducompte" password="motdepasse" />
I hope this helps.
I would like to know if it is possible to open a directory from intranet MVC application ? I have been searching about it but i don't found anything.
I tried to open from javascript using window.open('url') but i get unauthorized access.
Thanks,
Tiago MourĂ£o
IMPOSSIBLE !!!
web browsers does not have allow web pages to access to disk drives.
web pages only can read/write cookies.
FileUpload control allow access to the files, only with user action(scripts no allowed).
I found a way to do resolve this problem. If you create a background process using Process.Start('location'), the application opens directory folder.
Tips:
Process.Start() generally used in windows application and if used in
web applications, a process will start on server(not on user agent
that run current page).
you get unauthorized access error, because of IUser has limited
access ...
1) Web Applications can read/write any file and folders on server side with assigning permission.
2) WebApplication with Some sideway can access to file & folders in web pages (client side) !!!
with JavaScripts:
Write a browser add-on with requested functionality, then install on
user agent(browser).
now with call method/function in add-on, you can do the operations
that does not allowed with JavaScript & etc.
with VBScript(Obsoleted) that run/supported only in MsIE:
can using FileSystemObject to full access files and folders.
can using CreateObject to create instance of each object in OS and
working with it.
Finally my answer is IMPOSSIBLE.
I have a web application saved on a server. I want to be able to create an XML file for each user that logs onto the web app (using the users Windows log in when on the domain. The users log in needs to be the file name of the XML file.
I want to then save the file to a shared drive.
How can I do this?
You have to set up a service which is called on log event. On your service, you have to write your xml file and save it as the user name. The user name can be catched with HttpContext.Current.User.Identity.Name.
Is it what you want ?
I think you need to break up the process you are describing into logical and simple to achieve tasks.
Authenticate a user using Windows Authentication and Impersonation.
Access the user's domain username.
Create an XML file on a shared drive.
Open and edit an XML file on a shared drive.
Each of these tasks are relatively easy and have many resources on the web for how to achieve them using your language of choice.
If you are having trouble doing one of the particular parts of the process you describe above, be specific with what you are having a problem achieving, and we can help.
I've the following issue
I've a windows application
It calls a remote web service (for authentication)
It in turns call a web service (in the same remote machine) (to get a licensed file)
It saves the licensed file in All Users/Application Data in the system where the application is running
Which permission is used for saving the file in the Application Data folder? Either the web service's or the currently logged windows user's?
Update #1
So, i'm not able to save the license as the web service call is throwing a save error. How can i check the permissions of the folder?
Here is the code for creating my folder
licensePath = System.IO.Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData), "MyApp");
if (!Directory.Exists(licensePath))
Directory.CreateDirectory(licensePath);
Update #2
If i try to save it in the application's path itself (in bin/debug while debugging the application), it is working fine. Any ideas? I've tried just "C:\test" too. It's not working.
Thank you.
Regards
NLV
It will save the file with the permissions of the user that is running the windows application (which can be different from the logged in user - see RunAs).
The permission the windows application is running in.
I have a report that I currently allow the user to choose an output option (HTML or PDF) when they are supplying the report parameters (date range, filters, etc.).
I want to change the report such that it always does HTML and puts a link on the rendered HTML page so the user can grab the PDF if they want it.
How do I modify my IIS6/IIS7 configuration, user permissions, etc. to allow my site to write the PDF to the filesystem? Any C# code would be appreciated.
I plan on creating PDFs with random filenames and adding a process to cleanup old PDFs so I don't have a disk space issue. This is a lightly used web application so I'm not worried about having lots of old PDF files hanging around.
In IIS 6 Manager, go to Application Pools and get the properties of the Application Pool your web site is running under (if you're not sure, it's on the web site Properties dialog > Home Directory tab). Go to the identity tab and see what user account that app pool is running under.
Then go to the target folder you want to write the PDF to, right-click and go to Properties > Security > Add and add "write" for the account listed for the app pool.
n IIS 6 Manager, go to Application Pools and get the properties of the Application Pool your web site is running under (if you're not sure, it's on the web site Properties dialog > Home Directory tab). Go to the identity tab and see what user account that app pool is running under.
Then go to the target folder you want to write the PDF to, right-click and go to Properties > Security > Add and add "write" for the account listed for the app pool.
All you should need to do is be sure that the user ID that the web site is running under (or the user that's logged in if your site runs that way) has write permission to the directory you are creating the PDFs in.
You should take a look at the System.Security.Permissions namespace and the FileIOPermission class in .NET so that you can make sure your file permissions are set properly when trying to write your files.
I use it in much the same way that you need it (writing PDF files to the server before serving them back up to the user).