access path denied - asp.net

I had applied the following code as said by you :
byte[] b = YourByteArrayFromDb;
File.WriteAllBytes(MyFilePath, b);
But I am receiving an exception "Access to the path is denied". How do I solve this using ASP.Net with C# ? And is there any format to set the path as string ?

There is file access audit in Windows. You can use it to get detailed info about access faults. All events will be collected into Security Event Log. Steps to achieve:
Define audit on the "C:\Users\attilah\" directory or whole disk via Property->Security->Audit
Switch on audit in the Local Security Policy (Control_Panel->Administrative_Tools)
Look for events in the Security Event Log
Second method is using Process Monitor by Mark Russinovich (www.sysinternals.com)
Apply any method to diagnose a problem.

I think The error message is loud and clear. You DONT have permission to write to that path. Check the permission for the user under which you are trying to write the file.

I have recently run into the same problem, when trying to edit a file copied from a CD-ROM. The file still had its Read-Only attribute on, which caused the very same error.

Related

Permission for event log used in SSRS custom extension

we are have written one custom input language translator SSRS extension which gets input and convert it into another language and send back. In this extension we have written a code to write error messages using event logger. When we running our SSRS reports they are showing message error!. But we are not getting any error in event logger only in SSRS trace log it returns "Data not found at parameter 5".
Following is sample asp.net code. Please do let us know permissions needed on extension so that we can write event log. We are getting error at Eventlog.SourceExists in below code.
System.Diagnostics.EventLogPermission pEventLog = new EventLogPermission(System.Security.Permissions.PermissionState.Unrestricted);
pEventLog.Assert();
if (!EventLog.SourceExists("Report Server"))
{
myLog = new EventLog();
myLog.Source = "Report Server";
}
According to Microsoft, you will not be able to acquire EventLogPermission unless the process is running with Administrator permissions.
https://msdn.microsoft.com/en-us/library/system.diagnostics.eventlogpermission(v=vs.110).aspx
This sounds pretty risky to me. You might want to use a different logging mechanism (like Log4Net, etc).

log4Net eventlog permissions issue using non-administrator account

This probably isnt an issue with SiteCore per se but I've included it for completeness. I have sitecore 6.3 running under IIS7 using a custom identity for the app pool. I cant get Sitecore to write its logging information (using the default log4net settings) to the eventlog. I've followed the advice here: http://logging.apache.org/log4net/release/faq.html#Why%20doesn%27t%20the%20EventLogAppender%20work? and although it works fine when I make the custom identity a member of the administrator's group I need to find a way to get it working in production without such a security hack.
The weird thing is that I have a MSI that installs it (running under an account which IS a member of the administrator's group) and creates the correct registry keys in the eventlog for me and yet despite that, I am still getting the following error when I run the application using the custom identity (without it being a member of administrators).
log4net:ERROR DOMConfigurator: Could not create Appender [EventLogAppender] of type [log4net.Appender.EventLogAppender]. Reported error follows.
System.Security.SecurityException: Requested registry access is not allowed.
at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
at System.Diagnostics.EventLog.GetEventLogRegKey(String machine, Boolean writable)
at System.Diagnostics.EventLog.FindSourceRegistration(String source, String machineName, Boolean readOnly)
at System.Diagnostics.EventLog.DeleteEventSource(String source, String machineName)
at log4net.Appender.EventLogAppender.ActivateOptions()
at log4net.Repository.Hierarchy.DOMHierarchyConfigurator.ParseAppender(XmlElement appenderElement)
The Zone of the assembly that failed was:
MyComputer
log4net:ERROR DOMConfigurator: Appender named [EventLogAppender] not found.
Thinking I could narrow it down to a registry permission issue I granted Everyone full permissions to the following registry key and subkeys but it didnt work either: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog
The custom identity is a member of the following groups:
Event Log Readers
IIS_USERS
Performance Monitor Users
I've also seen the following question which seems to ask the same thing. The Microsoft article seems to suggest it might be a problem with ACLs on an event log and gives examples on how you can change SSDLs but I'd rather avoid that if at all possible.
EDIT:
I have another server running where the log is being populated fine. The custom identity was a member of administrators so I revoked that and rebooted, trying to purposely break it but I cant. Config is identical on both boxes and same identity used to run the MSI which creates the registry keys. Have run procmon on both (after doing a IISReset and spinning up the app pool again) to examine registry activity. Strange thing is - on the box that works you get 477 name not found records for my event source in the wrong places (Application, and a different Custom EventLog "MyCompany"). No hits for the place where it is logging which is "MyCompany\MyCompany.SiteCore". Whilst on the box which is broken, it does appear to be requesting to read the right key (albeit only 6 times) but you then get the Log4Net registry access error.
As I understand it EventStores are stored in the registry, so you only need write permission to registry to create or delete an EventStore. This is usually only needed once and most applications create this as part of the install procedure so that the application does not need to be run as Administrator during normal execution.
However your error message (in the question) includes the method DeleteEventSource from which I would deduce/guess that the EventSource does exist but is wrong in some way. So perhaps this is currently registered as writing to the event log named MyCompany and you are now trying to change it to "MyCompany\MyCompany.SiteCore" which requires you to delete the old eventsource and create a new one.
So it sounds like your installation routine is creating a different EventSource from the one that your application is actually using.
If that doesn't help, then I would suggest enabling internal logging for Log4net (but obviously not to the eventlog) which will probably give you more information.
Giving full permission to the registry key is not enough.
According to Microsoft
To create an event source in Windows Vista and later or Windows Server 2003, you must have administrative privileges.
The reason for this requirement is that all event logs, including security, must be searched to determine whether the event source is unique. Starting with Windows Vista, users do not have permission to access the security log; therefore, a SecurityException is thrown.
Starting with Windows Vista, User Account Control (UAC) determines the privileges of a user. If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. By default, you are in the standard user role. To execute the code that accesses the security log, you must first elevate your privileges from standard user to administrator. You can do this when you start an application by right-clicking the application icon and indicating that you want to run as an administrator.
I think, contrary to the Apache documentation, log4net DOES need write access to the registry – or at least it does in my case. To prove this, I backed up the registry on the server where it wasnt working and granted IIS administrator privileges before spinning up sitecore. Sure enough it started logging away to the eventlog nicely and then when I exported the registry again to run a diff, there WAS a difference.
The value for the eventlogmessage file on my event source had been updated from:
C:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
To
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll
So I assumed that merely changing this value in the registry by hand would work.
But it didn’t.
So I ran procmon on the two servers I have: A=the working one, B=the failing one. Sure enough, on server B I have a line which says:
Operation: RegOpenKey, Path: HKLM\System\CurrentControlSet\Services\EventLog, Desired Access:Read/Write, Result: ACCESS DENIED.
I’ve traced through with Server A and in exactly the same place, the key is requested with Desired Access:Read.
Conclusion:
It seems unavoidable that I will need to grant my app pool identity administrator privileges in production for at least enough time to programatically do the necessary registry writes the first time from within log4net. I dont know why administrator; I have tried granting Full permissions to the entire eventlog node in the registry for my custom app to no avail. It seems to do something which I cannot identify or pin down. I will then revoke this privilege immediately after it starts to log and monitor whether subsequent installs knock out the functionality afterwards. (Hopefully not).
If anyone has any insight into this behaviour it would be greatly appreciated.

Write to Event log from BizTalk

When I try to execute an orchestration with something like EventLog.WriteEntry("MyEsb", "Msg"); in Expression shape, I get the exception The source was not found, but some or all event logs could not be searched. To create the source, you need permission to read all event logs to make sure that the new source name is unique. Inaccessible logs: Security. Why?
I'm running Win 7 64bit if this makes any sense.
When you write the event log from any application, the event source needs to be already created, or the application itself will try to create it before writing to it. Unfortunately, creating an event source is an action which requires local admin priveledges.
So you can do two things:
pre-create the event source
make sure the user which your biztalk host is running as is in local admins (bad)
To pre-create the event source is a nicer option. You can do this via the powershell command
New-EventLog -LogName "Application" -Source "MyEsb"
Might seem like I'm stating the obvious but has the BizTalk User got permission to write to the Eventlog? That is, the account of the Host Instance running the Orchestration.
You'll probably find that it hasn't.
HTH
Finally I've found a solution. As the error says, "To create the source, you need permission to read all event logs to make sure that the new source name is unique. Inaccessible logs: Security." So even though BizTalk User account has enough rights to write to the eventlog it has no rights to read EventLog\Security log as stated here in a Note in the Remarks section:
The reason for this requirement is that all event logs, including security, must be searched to determine whether the event source is unique. Starting with Windows Vista, users do not have permission to access the security log; therefore, a SecurityException is thrown.
So I just granted a Read Access to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security for BizTalk User and the problem was solved.

File.Create from IIS locking the created File

I have an ASP.NET running in IIS 7.5 that creates files on the local file system and then attempts to delete after performing some logic in between creation and deletion. I'm running into a situation though where deletion is failing with a response such as "The process cannot access the file 'C:...\Uploads\c1fe593f-85de-4de1-b5d1-7239e1fc0648_Tulips.jpg' because it is being used by another process.'" The file appears to be locked by IIS and I can't delete it. Here's an example of the code for creating and deleteing:
// File.WriteAllBytes(path, rawData); // this seems to leave the file open!
using (var file = File.Create(path))
{
file.Write(rawData, 0, rawData.Length);
file.Close(); // should close when it goes out of scope, but just to be safe
}
Is there some special option I need to pass into File.Create? How do I get around this?
File.WriteAllBytes(path, rawData); should work fine assuming the path parameter you are passing is unique and that you don't have concurrent requests one writing and other trying to read at the same time. To ensure this you could use a ReaderWriterLockSlim to synchronize the access if this situation could potentially occur. Also make sure that there are no other parts of the code that might leak the file handle.
Take a look at SysInternals Process Explorer which could allow you to know exactly where this file handle is leaked.

Error while running ASP site

I have set Data Source(ODBC) for running ASP Site in my local Computer selected Microsoft Access Driver.
Now I can run the whole site with out error.But If i apply leave then it will show an error.
Microsoft OLE DB Provider for ODBC Drivers (0x80004005)
[Microsoft][ODBC Microsoft Access Driver] Operation must use an
updateable query. /eleave/leaveApplicationOut.asp, line 39
Updation
After giving the Write permission following error is showing
Error Type:
jmail.Message (0x8000FFFF) The message was undeliverable. All servers
failed to receive the message /eleave/leaveApplicationOut.asp, line 80
Thank you very much for your support.
It is solved..
4 possible causes are highlighted here: http://support.microsoft.com/kb/175168
I am guessing it's #1:
The most common reason is that the Internet Guest account (IUSR_MACHINE), which is by default part of the "Everyone" group, does not have Write permissions on the database file (.mdb). To fix this problem, use the Security tab in Explorer to adjust the properties for this file so that the Internet Guest account has the correct permissions.
First error (which seems like you solved) has to do with write permissions on the database..
The updated question ,though, seem to be completely unrelated..
You seem to be trying to send an email, right ? and it says it failed..
Perhaps the SMTP service is not running and so it cannot send the email ? could it be a wrong IP address defined somewhere ? wrong credentials for the email accounts ? (read http://host.cdesystems.com/faq/jmail_faq.asp for possible problem)
give some code about the configuration you do to the jmail ..

Resources