开发者

Medium-Trust File I/O permission

According to this MSDN article about medium trust, under medium-trust:

FileIOPermission is restricted. This means you can only access files in your application's virtual directory hierarchy. Your application is granted Read, Write, Append, and PathDiscovery permissions for your application's virtual directory hierarchy.

However, for my current hosting provider runs applications under medium-trust and when I try to read/write a file in the application's root folder, I get a access to path 'myfile.xml' denied error.

This file is read using the following bit of code

XElement file = XElement.Load(HttpContext.Current.Server.MapPath("~/myfile.xml"));

Update Full Error:

Access to the path 'C:\WebSites\mywebsite\myfile.xml' is denied.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access to the path 'C:\WebSites\mywebsite\myfile.xml' is denied.

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and the configured application pool identity on IIS 7.5) that is used if the application is not impersonating. If the application is impersonating via , the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[UnauthorizedAccessException: Access to the path 'C:\WebSites\mywebsite\myfile.xml' is denied.]

System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) +12892935 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPat开发者_StackOverflow中文版h, Boolean bFromProxy, Boolean useLongPath) +2481

System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) +229 System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) +102

System.Xml.XmlWriterSettings.CreateWriter(String outputFileName) +5224496

System.Xml.Linq.XElement.Save(String fileName, SaveOptions options) +108

mesoBoard.Services.SiteConfig.UpdateCache() +1971 mesoBoard.Web.MvcApplication.OnApplicationStarted() +62 Ninject.Web.Mvc.NinjectHttpApplication.Application_Start() +604

[HttpException (0x80004005): Access to the path 'C:\WebSites\mywebsite\myfile.xml' is denied.]

System.Web.HttpApplicationFactory.EnsureAppStartCalledForIntegratedMode(HttpContext context, HttpApplication app) +3985477 System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers) +191

System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context) +325 System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context) +407 System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext) +375

[HttpException (0x80004005): Access to the path 'C:\WebSites\mywebsite\myfile.xml' is denied.]

System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +11524352

System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +141

System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +4782309


You need to make sure that the user account of the Application Pool running the website has read/write permissions to the file/folder. By default, I think you should have read permissions but not write permissions. Also, for security reasons, it might be a good idea to move that file out of the wwwroot folder into something that can't corrupt your entire application.

webdir/data
webdir/data/myfile.xml

webdir/wwwroot
webdir/wwwroot/default.aspx


Your IO permission sounds like it's just a permission issue with your file. I know what whenever I upload a file to my hosting provider, I have to login to their control panel and manually give the IIS account write access to it, as read access is the only permission granted automatically.

On another note, the location of your xml file poses a security issue. Try putting the file in the "~/App_Data/" folder, it's a special .NET folder that's more restricted than your data folder - at the moment I could go to www.yoursite.com/data/myfile.xml and download it, whereas any file in the App_Data folder can't be downloaded over the web.

What is the App_Data folder used for in Visual Studio?


You are using the XElement class. The namespace "System.Xml.Linq" is probably not allowed in your hosting "medium level" configuration. To use Linq in medium level trust, please follow the following procedure


Medium Trust specifies that the application only has access to the $AppDir. You can customize medium Trust level to add additional access to the medium trust by altering the FileIOPermission to include other directories than $AppDir. However, I found that when you call Server.MapPath("/") under even a customized Medium Trust Level, then you will get an exception "Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed"

It is my theory that this is because you are requesting access to the file system outside the of the $AppDir". We ended up having to remove all calls to Server.MapPath() from our web applications.


I set up a website on GoDaddy and found that the only way I could enable write access, was to enable it for the whole web root but that might have just been the restriction for that hosting plan?

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜