Problem with workflow on SharePoint email enabled document library - asp.net

SO ... here is the scenario ... i have a workflow on a document library that copies a file to a windows directory ... this workflow is set to be started at the time when a new item is added to the document library ... so everything works fine when you are manually uploading files to the doc library ... but the problem occurs when we use emails to populate the doc library instead of the manual uploading of files.
When an email is received ... the workflow starts successfully and runs properly (i have kept workflow history entries to check every section of code is being executed or not) ... the workflow stops when the section where the file is being copied to the windows folder is reached.
I basically think this is a problem with the permissions or access issues. Because when we upload the file manually (i.e. from doc library > upload) everything works fine. But maybe there is some other permission set which is used while an email is received by the doc library ... i have tried by assigning permissions to "Everyone" on the windows folder ... but no luck...
Can someone let me know which windows user account is used when an email is received by a document library? (i think its the IIS default account - but isnt it included in Everyone?? )
One solution which i can devise in my mind is that for the file transfer to the windows folder i should use temporary impersonation for the specific code segment (which writes the doc library file to windows folder) but any suggestions are welcome.
P.S. I dont have access to the server right now so i can only devise approaches in my mind ... cant test them right nw... so it would be good to have all suggestions u have so that once i get the access i can try all stuff :D

This is a well known situation. The system does not know who sent the email so it cannot impersonate a user it has no knowledge about.
Depending on which version of SharePoint you are running, the workflow may not start at all or it may start under the account that published the workflow.
For details see this Microsoft Support Article.

Related

Where should a .NET Web Application store it's (non database) setting

I am building a Web Application that will be installed many times. The application needs to be able to save certain setting itself upon request.
I have an installer (InnoSetup) but I want to very careful about what permissions I give the Web Application.
I can't use a database.
A default install always leaves the web.config as read-only. (Most secure)
The registry can be problematic. Unless there is a set of keys a DotNet webapp can always write to by default (IIS_IUSR)...
I was considering App_Data, but the default permissions are no longer useful and Inno-Setup can't easily fix it correctly:
https://support.microsoft.com/en-us/kb/2005172
Security and Ease of Setup are both big issues..
I also don't want to make a mess of the machines I install to.
A FAILED solution was to write to the user portion of the registry:
Microsoft.Win32.Registry.CurrentUser.CreateSubKey("Software\\MyCo\\MyApp\\");
var reg = Microsoft.Win32.Registry.CurrentUser.OpenSubKey("Software\\MyCo\\MyApp", true);
reg.SetValue("MyValue", (string)dataString, Microsoft.Win32.RegistryValueKind.String);
But I found out that writing to HKEY_CURRENT_USER is also not allowed by default on Server 2012 and likely others. The server error page is helpful and gives options such as explicitly giving the IUSR_{MachineName} explicit permission but this is a no go for me.
So my final solution is to have the installer create a user configurable folder and then assigning all users Read/Write access to that folder. The administrator can always lock it down more if they want.
If anyone has a better option then let me know.
With InnoSetup I created a new Wizard page to suggest and collect a Data folder from the user. The installer then:
Created that folder and gave All Users Read/Write access,
Added a HKLM registry key telling the Web App where to look for the folder,
Notified the user that they should lock the folder down further to prevent abuse.

harmon.ie bit9 execution block

Our company recently joined a larger company that utilizes Bit9 for application whitelisting. Previously, we had a large amount of users using Harmon.IE to interface with our Sharepoint-based document management system. I'm trying to figure out what to allow in Bit9 to allow the document open process to work in the Harmon.IE outlook add-in.
What's happening is the user tries to open a file from the Harmon.IE pane and Bit9 blocks the auto-generated, randomly-named vbs file used to launch the file from Sharepoint. Since this file is different each time and has a different hash, we can't simply approve the vbs file.
We also can't set wscript as a trusted source as many malware sources utilize wscript. Likewise, can't really allow anything that comes out of Outlook as that would open the door for malware delivery via email.
I'm trying to find out if there's a dll that I can trust somewhere in the stack that will allow these VBS files to be trusted and allowed to run.
Add OpenFilesUsingScript key with default value "False"- harmon.ie will launch files directly without using VB script
[HKEY_CURRENT_USER\Software\Mainsoft\Prefs\OpenFilesUsingScript]
#="False"
A custom rule with an action of Execute Allow on the path of the VBS with the name wild carded as deep as possible should cover you just fine.

How to execute an exe or a file in local machine using a website or html (like clone in windows in github)

These are my requirements
How to open an pdf file which is located in my local machine using html page?
How to execute an exe file which is loacted in my local machine using a website?
This is like what github does when we do clone in windows option.
I need to implement exact same operation . I have a button and when I click that it need to run an application.
Thanks in advance.
You installed GitHub for Windows on your computer. And this installation registered the protocol github-windows: with the GitHub for Windows executable as handler. Nothing special going on here.
The only chance I see is to register your own URL scheme (as you said myapp-pdf: or something like it).
Then you can redirect (or open a new window) to a URL with your custom scheme and the browser should start your application giving you the URL as a command line parameter.
Create custom Url Schema and Map to the application
I just explain some thing I got after your inputs.
As all guys mentioned above, I need to generate a url schema for my application
I need to register the schema and application path to be executed in Windows registry. This need to handle during the installation .
http://msdn.microsoft.com/en-us/library/aa767914(v=vs.85).aspx
This link will show how to add the particular schema in windows registry and we can specify the application to be executed like mailto: for Outlook.
Thanks for SO to provide the details from here.
how do I create my own URL protocol? (e.g. so://...)
Pros
Need to check about the security issues which may occur if we are using this approach.

Is there a program that lets me edit web files with a native editor?

Before I attempt to program the following function myself, I wonder if something already exists.
What I would like to do is click an edit link on my website for a given document, and have that document launch in the native editor on my local machine (via a temporary file mechanism).
When I save the document in the native editor, the document is HTTP PUT back to the website. This can be accomplished by watching the file for writes, or watching the editor process for exit.
This way I can more easily edit documents on the web (instead of going through the download / edit / upload cycle).
My design would work as follows:
Register .webedit files on the local machine.
When a .webedit file is downloaded, launch webedit.exe with the file.
The file contains a URL (http://server/document) which is checked against a security database to ensure we're only opening allowed URLs.
The URL is downloaded to a temporary location.
The temporary file is launched in the native editor.
The file is watched for changes, and uploaded (HTTP PUT) on change detection (or when the editor is closed, if it's not a single-instance multiple-document editor).
Lots of FTP / SCP GUIs have this type of functionality, but I have not been able to find it for the web in general, or a shared library that allows you to plug in to this function.
Has anyone seen a program that does this?
SharePoint works like this.
It's great for managing shared documents in corporate environments.
Users can even checkout/checkin documents & the features are very extensible..you can customize pretty much anything if you know how.
Edit:
Since you're on Linux..i've heard that Alfreco is a great alternative.
I've never used it, but I know a couple organizations using it instead of SharePoint.
It integrates with Microsoft Office as well.
Also, it will definitely be cheaper.

What is the best location for a "read me" file on the target machine when deploying an ASP.NET application using an .MSI package?

For an ASP.NET web application that is packaged and sold to customers for deployment, what would be the best location for a "read me" file with notes about setup and configuration on the target system?
Requirements:
The file should not be accessible by
users of the web application, only
the person doing setup and
configuration.
The file should be
consumable by the MSI installer
program, so that it can be displayed
as part of the setup wizard UI.
The solution should be simple and very
low cost. (I don't want an elaborate
solution for just a simple text
file.)
Some thoughts I have are to copy the file to *App_Data* or to bin as those are protected folders by default, and then pull the file in from one of those locations in the setup program.
The readme should be a separate file that sits beside the MSI on the media you distribute the web app on. This is a standard practice dating from generations ago the dark ages. If you distribute as a download from the web then have a link for the MSI, and a link for the readme.
You could also include the same file into the MSI, but arguably that is the wrong place for it as the user has yet to reach the configuration stage, and unless they print it they won't be able to refer to it later in the MSI process (if you have any configuration steps in the MSI).
Having the instructions available via the web app is also arguably wrong, as the user may have to do some initial configuration in order to reach the page telling them how to configure the app....
So ship the instructions separately to the MSI, and make sure they look okay and are easily readable when printed out. Remember these pointers:
Instructions are not always read
Instructions are not always read at the time of installation
Instructions are not always read by the same person that does the installation
Instructions are not always read from the screen
Instructions are not always read correctly, even when they are simple
Instructions are not always read (I know that is a duplicate of the first point...)
Don't forget to clearly distinguish between pre-install and post-install configuration instructions (even if they are in the same document) - you want to minimize the risk of the end user getting it wrong (which some of them will do no matter how hard you try).
Build the important message into your application. Do it like Apache where it says "this is a new installation of...." and don't allow that screen to go away until they go in and do all the things that you consider important.
This isn't a problem for your installer to solve.

Resources