I have a grid view on page. When i click on a select button of grid view. I am getting an exception like this
Error Message: Access to the path 'c:\windows\system32\inetsrv\19.xml' is denied.
here 19 is the id of the record in the grid view.
Actually it was working fine till yesterday. but suddenly raised the exception.
Every thing here is done by a web service.Web service works fine on all pages but only on one page.The exception is raises only on production system not on development system
It is occurring on only one page. How to resolve this.
Check your create/write/reading rights on the folder the xml is in.
Your application pool identity probably does not have the appropriate rights to create/modify/open the file, causing this error to occur.
Please check the security settings and see if that fixes the error.
You need to use Server.MapPath if xml documents are located under the root of web-app.
string value="19.xml";
string file=Server.MapPath("~/folder/" + value);
...
Try to move your XML data to a DataTable.. hence remove neediness to access directly your file. When everything is done simply save back your changes into the respective xml file.
Related
Am developing asp .Net web application.
In one of my aspx file am using file to download using generic handler. Everything works great. But when am testing i felt a strange problem. That, if am uploading a image or document with file name containing aspx character for Eg; aspxphoto as file name.
Uploading doesnt have any any problem but when i try to download it is throwing error in Generic handler file as
Object reference not set to an instance of an object.
Can anyone help me why this problem happends and how can i fix it?
You will not be able to do this. The IIS handler wants to "handle" the ASPX. You should simply not allow it, or if you have to, rename it to .aspx.uploaded or something. If you allowed, it you could open yourself to hacking.
As another option, you may be able to create a virtual that implements ("no processing") - possibly using the HTTP Handler under the virtual and just disabling script / execute permissions (under handler >> Edit Feature Permission >> Script OR under Virtual >> Edit permissions >> Special >> Turn Execute off.
I would not recommend the last, since it will add complexity when migrating between test and live AND for recovery (DR).
I have a form in ASP.Net MVC, which allows you to upload a file. The file is saved to a location on the server. For example, if the domain is www.test-domain.com, and the local path is c:\websites\test-domain.com\, the image is stored in /uploads/File/image.jpg.
When I try to access this url http://www.test-domain.com/uploads/File/image.jpg, I get redirected to the forms loginUrl="XXXX" path in web.config. To test, I removed the web.config entirely, and accessed the file. This time round, I get a 401 - Unauthorized: Access is denied due to invalid credentials.
I then uploaded another file via FTP this time, to http://www.test-domain.com/uploads/File/image2.jpg. This one can be accessed without any problem. I even tried download image.jpg as saved via Asp.Net, delete the file on server and re-upload the same exact file by FTP and it worked again!
It seems by FTP is working, while via Asp.Net somehow there are some access / authorisation requirement. I do have authentication set in Asp.Net, but I removed the entire web.config file, and I still got an error.
Any ideas?
I've found out why this was happening, though it is totally unrelated to what I thought it was in the beginning. I am uploading an image and resizing it. I've looked further in the code, and for some reason I was creating an image in the temporary windows folder, and then moving it to the actual location using File.Move.
It seems that the security permissions created are different, than if I had to create the file directly in the final folder. I've updated the code to create the image directly in the actual folder, and this is working fine.
Reference: http://blogs.msdn.com/b/oldnewthing/archive/2006/08/24/717181.aspx
In a common ASP.NET Web Forms page, I specify the location of a backup file as follows:
string backupFilePath = "../data/backups";
ICronjobTask[] tasks = new ICronjobTask[]
{
new FileBackupCronjobTask(backupFilePath)
};
The ICronjobTask is executed later on. When calling the published page on my web server, an error message tells me that parts of the path "C:\Windows\SysWOW64\inetsrv\data\backups\file.txt could not be found.
Why does ASP.NET publish my local directory structure? How do I turn this off?
You're displaying the raw exception error message, is my guess. Whenever you do that, you risk giving away information that you don't want to be made public. Instead of doing that, you should interpret the exception and give general information to the user.
The solution was to use the Server.MapPath(string path) method that returns the physical path corresponding to the specified logical one.
I have written some code that uses an Access DB, on my localhost the following - Select, Insert, and Delete queries work just fine and do what I programmed them to do. When I move the application to the staging server, the application throws errors when Inserting and deleting, however the select statements work just fine. I have made sure all permissions are read/write as far as I can tell, does anyone know what I am missing. See the error below.
~~~~~
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information about
the error and where it originated in the code.
Exception Details: System.Data.OleDb.OleDbException: Could not delete from
specified tables.
Source Error:
Line 714: OleDbDataReader objReader;
Line 715: objConn.Open();
Line 716: objReader = objCmd.ExecuteReader();
Hmmm ... that's odd. Do you have Modify (Change) file system permissions on the staging server's folder? Hitting the .mdb would create that temp Access file, so if you can select you should have Write on that folder. Check that you have Modify.
Is your MDB file readonly? I am talking about the file-system attribute of the MDB file.
Seems like whatever account is utilizing the .mdb file does not have the necessary rights to the file/folder.
I've found that using an .mdb file for a website just has too many problems. You want to switch to at least SQL Express. You website will appreciate it.
ASP.NET runs under the special ASPNET or Network Service account. Mostly IIS_USERS (located in the machine)
Right click on folder containing the file to be modified by ASP user
Folder->Properties->Security->Edit->Add IIS_IUSRS (of local machine) with upto modify permission.
Where can I setup custom errors for directories in my application such as App_Code, App_Browsers, etc.? I already have customErrors configured in the web.config and that works as expected. For example,
http://www.mysite.com/bla.aspx > redirects to 404 page
but
http://www.mysite.com/App_Code/ > displays "The system cannot find the file specified."
There's no physical App_Code directory for my site. Is this something that I can change in IIS?
You are trying to server content from an Protected Folder... ??
I think you might need to allow access to these folders to get the nice errors you are looking for...
http://www.webdavsystem.com/server/documentation/hosting_iis_asp_net/protected_folders
That being said... there is a reason these folders are protected.
I would never put anything i needed IIS to serve in protected folders.
But there are always reasons to do do something? i have broke a few rules in my short lifespan :)
UPDATE:
Found this when i tried this locally: http://support.microsoft.com/kb/942047/
Looks like those reserved directories throw special 404's you might be able to get IIS to Target the 404.8 type... with out opening up serving to those directories
I believe you will need to set the error pages in IIS itself, as the requests you talk about never reach the ASP.NET application. The reason your first example works is because IIS recognises the .ASPX extension and forwards it to ASP.NET.
One way is to provide a redirect in the global.asax file:
void Application_Error(object sender, EventArgs e)
{
//uncomment this to narrow down 'helpful' microsoft messages
//HttpRequest request = ((HttpApplication)sender).Context.Request;
Exception ex = Server.GetLastError();
//ErrorManager is a custom error handling module
ErrorManager.ProcessError(ex);
Response.Redirect("~/error.aspx?error=" + HttpUtility.UrlEncode(ex.Message), true);
}
{ On a side note, I was getting an exception that I just couldn't track down - it just said 'file not found' but didn't say which file was missing. It turned out to be a broken image reference in a css file - breaking on line two of the code above helped identify the missing file }
Add a Wildcard Mapping to IIS to run ALL Requests through ASP.net, then you can use Global.asax to handle the error.
Taken from here:
Follow these steps to create a wildcard script map with IIS 6.0:
Right-click a website and select Properties
Select the Home Directory tab
Click the Configuration button
Select the Mappings tab
Click the Insert button (see Figure 4)
Paste the path to the aspnet_isapi.dll into the Executable field (you can copy this path from the script map for .aspx files)
Uncheck the checkbox labeled Verify that file exists
Click the OK button