I have an Azure web role and a separate computer. Both of them are on the same network and both share certain folders which the other can access. If I go on my Azure web role, through remote desktop, I can go to the other computer's shared folder using \\comp1\folder and add/remove/edit files there.
I have a few image files on my web role which I need to copy to the separate computer.
These images are uploaded to the web role and stored there.
How can I copy those images that are on the web role, to my other computer?
I have tried using File.Copy but it always gives me Access Denied errors.
I tried doing:
File.Copy(Server.MapPath("~/image/a.jpg"),#"\\comp1\folder\b.jpg");
Result: UnauthorizedAccessException
I don't think you can access the file system on Azure like that, except through Local Storage?
To quote Bill Wilder
Any of your code running in either (a) ASP.NET (e.g., default.aspx or
default.aspx.cs) or (b) WebRole.cs/WorkerRole.cs (e.g., methods
OnStartup, OnRun, and OnStop which are derived from RoleEntryPoint
class) will not have permission to write to the file system.
You can read and write to the Local Storage system
try
{
LocalResource myConfigsStorage = RoleEnvironment.GetLocalResource("myConfigs");
string s = System.IO.File.ReadAllText(myConfigStorage.RootPath + "myFile.txt");
//... do your work with s
}
catch (Exception myException)
{
... }
But having always used Azure with more than one instance I have never seen the need for local storage and used the blob store instead.
Read more: http://www.intertech.com/Blog/Post/Windows-Azure-Local-File-Storage-How-To-Guide-and-Warnings.aspx#ixzz26ce8rXpk
Related
I want to read file names of pdfs from a folder on a network share that match certain parameters and provide a link to view them on a details page for my model. All I need to get is the file name. I don't need any file management/read/write at this time.
I'm able to display a .pdf in the browser if I have the path (IE will open "file://" links). The part I'm missing is getting file names from the remote (but same domain) directory at run-time.
We've set up a virtual directory for the app to use and that has worked fine in the past if the resolved physical folder is on the same server, but that is not the case here.
I've tried Impersonation, but that doesn't seem to work as I'm still getting an access is denied error.
I realize this would probably be a security issue and is why it isn't allowed, but is there an IIS configuration or other avenue that needs to be set-up to allow this? I can't seem to find a way with just code that opens the directory for reading.
Example code of how I might normally read some info from one file in a virtual directory:
// This example code is inside a controller action, so Server refers to HttpContextBase
var path = Server.MapPath("~/MyVirtualDirectory/" + fileName);
var fileExists = System.IO.File.Exists(path);
var fileLastModified = System.IO.File.LastWriteTime(path);
To enumerate over matching files in a directory, I've used DirectoryInfo
var pdfFileNames = new List<string>();
var dir = new DirectoryInfo(Server.MapPath("~/VirtualDirectory/"));
var pdfs = dir.EnumerateFiles("*.pdf");
foreach (var pdf in pdfs)
{
pdfFileNames.Add(pdf.Name);
}
As I mentioned, these methods work fine when the physical folder is on the same server, but once the directory is on a remote drive, then it no longer works. I have permissions to open the desired directory and my collegue said he gave the appropriate permissions to the virtual directory and server. Not sure what else to try at this point.
Edit: Now that it is working, I display the files using the Virtual Directory
http://server/appName/virtualDirectory/pdfFileName
By default, IIS application pools run under a specific local Windows identity named IIS APPPOOL\[NameOfYourAppPool]. This is a local user and it will not be possible to grant permissions to this identity to access resources located on a different machine.
If both servers are inside the same domain, you can try the following solutions:
Run the IIS application under a domain user and grant the required permissions to this domain user.
Run the IIS application under the NetworkService identity and grant permissions to the DOMAIN\MACHINENAME$ account of the IIS server.
I have a web service that is trying to write a file to a file share.
The application pool for the site in iis is running as a custom domain account: "domain\domainaccount"
I'm operating under the assumption and hope that when the code tries to write the file it will use the "domain\domainaccount" user to do so.
Executing the following line of code produces the error: Access to the path [filename] is denied
FileStream stream = File.Create(fileName, result.Length);
I have confirmed that the "domain\domainaccount" account has access to [filename] which is the full path of the file including the file name. I have even given the account access from the very top of the share structure, not just the specific folder the file needs to be written to. In fact, if I run notepad as "domain\domainaccount" I can save a file to that exact location.
What might I be doing incorrectly? Is it not using the domain account to write the file? If not, can I change something so that it does?
I should note that if I log into the iis server and run the web service from there, I do not get the access denied message and the file is created.
I am trying to retreive an image from the path stored in sql database. When I try to load the http request, I get the image, but when I try to save it on a network path and retrieve that, i do not get an image
When, i write my image shared location to the browser, it works.
file://networkshared1/Try/Image1.jpg
When, I save this url to the database and retrieve it, I do not get anything.
C# code:
Image1.ImageUrl = "file://networkshared1/Try/Image1.jpg"; //DOES NOT WORK
Image1.ImageUrl ="http://something;" //IT WORKS
Look at the following steps:
Add Virtual Directory to your application in IIS
Give it an alias.In your case this would be your network folder here.
you can see the virtual directory now.
check under which app pool the app is running
Go the respective app pool. In my case it is running under the admin account (not good! but I have all access rights :-))
Add the app pool account to the ACL list of the network folder and give it the respective rights.
Now you can access the file in your application via http as you can see in the url:
I have a code which is similar this:
string file;
using (StreamReader r = new StreamReader("xml.xml"))
{
file = r.ReadToEnd();
}
XElement xml = XElement.Parse(file);
using (XmlWriter w = XmlWriter.Create("xml.xml")) //The point of problem!
{
w.WriteStartDocument();
...;
w.WriteEndDocument();
}
When I try run it like a console application is everything all right. But problems start when I want to use it in an ASP.NET application. At the using line it throws UnauthorizedAccessException exception with a description "access to the path is denied". Why?
You need to check which account your application Pool is using to access your server files/folders, for example, make one code to copy one file to application folder, check all security info, copy and paste on this problem folder, normally use this account "IIS_IURRS" give full control to test only...
If IIS/the web server is configured correctly, an account with a very limited set of permissions is used. As your path points to the application directory, it is very likely that the application pool account is not allowed to write to this location.
If you run the code in a console application, your user's permissions are applied and it is more than likely that you are allowed to write to the output folder of the project as Visual Studio writes the build output there under your account.
I would not recommend to change the application pool account or the permissions of the application folder in the file system - it is a very sensible limitation that limits the amount of trouble an attacker can possibly make.
Therefore I'd recommend to either move the file to a folder that the account can write to without changing permissions or define a special one outside of the application folder hierarchy that the account is given permissions to.
Also keep in mind that multiple users might access the file at the same time, so a database might be a better choice to store the data.
I have the following code:
var saveFolder = Path.Combine(Properties.Settings.Default.DropBoxFolder, guid.ToString("N"));
// Create folder, if it does not exist (for the first attachment, it shouldn't exist)
if (!Directory.Exists(saveFolder))
{
Directory.CreateDirectory(saveFolder);
}
var saveFilePath = Path.Combine(saveFolder, file.FileName);
file.SaveAs(saveFilePath);
I'm using GUIDs to generate folders for uploads on my IIS server. The .NET web application is configured to impersonate the user. I granted modify permissions to the target folder (it is a local path on the web server) for Domain Users, Local Service and Everyone, but some users still can't upload files. I can and other people on my team can.
The weird part is that the exception says this:
Could not find a part of the path 'C:\Users\USERID\Desktop\FILENAME'
That path is the path to the file the user selected to upload (their local file path). I feel it is safe to say that the user has permission to his own file on his own desktop. I don't use user impersonation much, so I am wondering what I missed in my configuration or permissions. Any suggestions for debugging this issue? Thanks!
Note: the CreateDirectory method works just fine, even when the exception is thrown. I would have thought that if the user didn't have permission the directory creation would have failed first.