Security :: Write File To Temp Directory On Server?
Mar 24, 2011
I have an ASP.Net (2.0) application on an intranet that impersonates the users Windows login.
It has <identity impersonate="true" /> in the web.config file.
In a couple of places it needs to create a file in the temp folder of the server (a text file in one instance and a Word doc in another instance) before sending the resulting file to the user, after which it is deleted.
It runs into a permission problem, which I assume is because the user that is being impersonated does not have permission to write to the server's hard drive.
How do I overcome this?
I assume it be something along the lines of temporarily running under a different account for the create/read/write/delete temp file parts of code.
how to do this and which account would be the best (easiest) to use. It will be a Windows 2003 server.
I am seeing temp files created in my wesite directory. The files are attributed to a page that I load from a txt file for more info. I beleive when I user clicks on the more info link and I read the textfile into the page it creates the temp file named somthing like this moreinfo.aspx~RF1630b1e.TMP does anyone know a way to clean these up other than a manual task? below is the code I use to read in the txt file
<script language="vb" runat="server"> Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Dim strURLNAme As String Dim MyFileName As String strURLNAme = Request.QueryString("AdultInfo") ' Response.Write(strURLNAme) If strURLNAme = "adult" Then MyFileName = "AdultMoreInfo.txt" ElseIf strURLNAme = "kids" Then MyFileName = "KidsMoreInfo.txt" End If 'Open a file for reading Dim FILENAME As String = Server.MapPath(MyFileName) 'read the file Dim objStreamReader As StreamReader objStreamReader = File.OpenText(FILENAME) 'read the entire file into a string Dim contents As String = objStreamReader.ReadToEnd() Me.lblNicerOutput.Attributes.CssStyle.Add("text-align", "Left") 'We may wish to replace carraige returns with <br>s lblNicerOutput.Text = contents '.Replace(vbCrLf, "<br>") objStreamReader.Close() End Sub </script>
I am getting this error Invalid temp directory in chart handler configuration [c:TempImageFiles]. while running my code. Intially I was getting No http handler was found for request type 'GET' error which I solved it by referring no http handler But now I am getting the above error The details of the error are Description: An unhandled exception occurred during the execution of the current web request. review the stack trace for more information about the error and where it originated in the code.
Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. The stackTrace of this error
I am using MS Chart Control in my Web App,after some time I got the issue "The temp directory in chart handler configuration is not accessible" in Live App,even though my web.Config file is containing every thing related to charts like...
<add key="ChartImageHandler" value="storage=file;timeout=20;" /> under <appSettings> <add path="ChartImg.axd" verb="GET,HEAD,POST" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false" /> under <httpHandlers>
I have static content like html,css javascript stored in DB. when a user requests for these i create a temp file in virtual directory and return the url. My web app is hosted on a IIS server. On some systems on creation of a file my IIS Application pool crashes and restarts. If i disable file-monitoring though the problem is resolved, but i dont have this luxury when i am deplying at the client end. Is there any way by which i can avoid app pool crash during file creation? If not is there any way by which i can serve static content like html, css, images, xml and js without creating temp files. I would need a generalized way of handling all these data types.
I create a pdf, then I set NavigateUrl with the path. The file is opened, but if I re-create it, ie open the temp file pdf, don't reload the new.. Only after some minutes (I don't refresh the page) ie re-download the new pdf..How can I force to open always the file on the server?
I am getting "Access Denied" error when I am trying to write a file on my hard drive (C:/.... xmls/test.xml) from a webservice which is also on my local machine.
The folder structure is like this
AdminApp (Web Folder on C drive) - WebServices Folder - TestService.asmx -Xmls Folder - Test.xml
I tried following settings in IIS in my efforts to resolve the issue:
- Set anonynmous access checked with my account name and password under "Account Used for anonymous access" alongwith integrated windows authentication checked. I am a admin on my machine.
- Disabled anonymous access with only integrated windows authentication checked. I have identity impersonate = true set in my web.config.
Problem: In test environment using VS development server, want to allow all users (will change to specific roles when implemented) to add and delete files from the directory App_Data. I can successfully upload files, but when I attempt to delete a file I get the error....
System.UnauthorizedAccessException: Access to the path 'C:Documents and Settings.......App_Data' is denied.
In asp.net mvc project I am using MYSQlMemberShipProvider. Now I want that instead of reading the connection string from web.config file, it will read the connection string from external file every time. So that I am implementing the cutsom mebership provider class, this class inherits the MemberShipProvider class. But the problem is that if I inherits the MemberShipProvider class then I have to impelment all of its method in my cutsom membership provider class, But I want to use all other inbuilt methods of MemeberShip. What can i do. I only want to add the code like below:
public class CustomSqlMembershipProvider :MembershipProvider { public override void Initialize(string name, NameValueCollection configs) { base.Initialize(name, configs); Connectionstring objProducts = // redaing the connection string. } }
But on compiltaion it is giving me the error does not implement inherit abstract member.
I got an error about asp.net cannot find window emp folder, so I created one and gave the right permission and the problem went away. Three days later same problem happened and I went in and couldn't find my temp folder. This is on a live server so is there a reason for my windows temp folder gone out of the blue? Is it possible that my server host company does some maintenance that cleans up the folder? Also, what is the difference between NT AUTHORITYNETWORK SERVICE and servernameNETWORK SERVICE?
I'm currently writing a website in ASP.NET MVC, and my database (which doesn't have any data in it yet, it only has the correct tables) uses SQL Server 2008, which I have installed on my development machine. I connect to the database out of my application by using the Server Explorer, followed by LINQ to SQL mapping.
Once I finish developing the site, I will move it over to my hosting service, which is a virtual hosting plan. I'm concerned about whether using the SQL Server setup that is currently working on my development machine will be hard to do on the production server, as I'll have to import all the database tables through the hosting control panel. I've noticed that it is possible to create a SQL Server database from inside Visual Studio. It is then stored in the App_Data directory.
Does it make sense to move my SQL Server DB out of SQL Server and into the App_Data directory as an .mdf file? If so, how can I move it? I believe this is called the Detach command, is it not? Are there any performance/security issues that can occur with a .mdf file like this? Would my intended setup work OK with a typical virtual hosting plan? I'm hoping that the .mdf database won't count against the limited number of SQL Server databases that can be created with my plan.
I can't seem to create a directory on a remote server even though I have given permissions for the asp.net application for all users. I gave full control to the Asp.net user, local computer user, administrators, Network Service, etc and I don't know what else to try. My code is below:
I need to set folder permission programmaticcaly which is in my GoDaddy server. I have nearly 150 folders in my server so I cant change through server settings or IIS settings. I am using web application. My folder may go on increase in future.I have googled a lot of things.
1. Like Access Control List in System.SEcurity namespace
2.System.principl.security...
I cant able to change the file permission but not a directory.
I must allow all the users to write or move a file to the folder which is in read only mode. That should be done programmatically and should be dynamic.
I would like to know your libraries recommendations to read and write Excel applications on ASP .NET website. I have tried GemBox and NPOI, because they don't required Excel to be installed on the server, but they have some limitations on handling Excel files that are marked to read only.
It is possible to upload a file to an account using the below code by specify an existing filepath.
What I wonder is how it instead would be possible to just write a string to this file instead. Like I want to open the file and write the string "Hello" to this file, file1.txt.
How can that be achieved. I beleive I would have to open up a stream of some kind but are not exactly sure how to set that up:
I've recently developed a web user control that lists a series of reports. When the user clicks on the report it serves back a CSV file download in the response stream using the following code:
The code initially worked fine in all browsers. Then the client put a requirement to use SSL for the site. As part of this I introduced a global handler to update the protocol from HTTP to HTTPS for all requests as follows:
However, since securing the site using SSL the CSV file downloads no longer work for IE although they do continue to work for Firefox / Chrome / Safari.
Is there something I am missing in the headers that is unique to IE in order for the file response to work correctly?
The message I receive from IE is:
"Internet Explorer cannot download Reports.aspx from .... in ......
Internet Explorer was unable to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later."
UPDATE:
Here is some example fiddler output coming back from the page request which looks like it's serving correctly. Why doesn't IE understand that it's just been served a file?
HTTP/1.1 200 OK Date: Tue, 09 Nov 2010 14:23:50 GMT Server: Microsoft-IIS/6.0[code].....
a asp.net site located at a hosting center(UK)and i want users from our office to login to that site using their active directory account.is this possible to do over the network ? or i need the site on the same domain as the active directory server?
The Security is working fine when testing on a local machine, but when it gets published to the server, it seems that It can't get any active directory information at all.
For example, on the local computer <asp:LoginName ID="LoginName1" FormatString="(Welcome {0})" CssClass="loginname" runat="server" /> returns "Welcome DOMAINusername" but when it's published, it doesn't return anything at all.
Using code i've added users to the correct roles and checked they are really in the roles, but security when published won't recognise the current user's name, so it all fails.
I would like to know best resource/tutorial/video on Active Directory Integration with SQL Server Membership provider.
Using Active Directory internal users are authenticated and then same user name is created in SQL Membership database to implement authorization.
users are stored against groups in Active directory, so it is not feasible or no granular approch to assign Roles to users in Active Directory. By authenticating users against Active Directory and using SQL Server Membership provider to implement Authorization for active directory users as well as it is quite feasible to implement authentication and authorization using SQL Server Membership provider.
Active Directory for internal users authentication ONLY. SQL Server Membership provider for internal users authorization and external users authentication plus authorization.
I have such sql query, in which there are 8 to 9 temp table generated and from each temp table, I am fetching data with use of read table.
I want to store temp table output into gridview, but after using sqlcommand,I am able to display first temp table output into gridview, but after executing query first temp table destroyed and second sql query which is using first temp table, is not getting reference. as first temp table is not available.
e.g. #temp1 -> I am able to display out put in grid view & destroyed
#temp2 -> which is using #temp1, but not getting reference of #temp1.
I have a web server with a web application and a website both on it (2 seperate entities within IIS7.0). The web application needs to be able to upload files to a virtual directory created within the same web server and the website needs to be able to view that virtual directory to be able to allow for downloading of those files.
This sounds really easy, but I cannot figure out how to do the upload and the download.
Example:
Virtual directory = own folder file structure (does not fall within either website/webapp structure)
Website - standard user for outside users.
Webapp - authentication requierd and only used by inside users.
Webapp users upload files to virtual directory Website users download files from virtual directory (i.e. open files)
A variety of files (pdf, images, etc.) are stored in a ntext field on a MS SQL Server. I am not sure what type is in this field, other than it shows question marks and undefined characters, I am assuming they are binary type.
The script is supposed to iterate through the rows and extract and save these files to a temp directory. "filename" and "contenttype" are given, and "data" is whatever is in the ntext field.
[code].....
This works, but the file should be saving to the server instead of popping up save-as dialog. I am not sure if there is a way to save the response to file.