Security :: Get A Violation Saving Files From Within An XMLRPC.NET Method
Feb 17, 2011
Short: Why do I get a security violation saving files from within an XMLRPC.NET method and not under MVC?
Long:
I have a blog engine running on MVC 3 on a Godaddy shared hosting account (IIS7/.NET 4). I've implemented a MetaWeblog interface to it so that I can use Windows Live Writer 2011 to post. Everything is generally working. My problem seems to be with Medium Trust and the XMLRPC gateway that MetaWeblog uses. I get a FileIOPermission error when attempting to write media objects to disk. The key error is:
Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
I'm sure it's the Medium Trust level that's causing this error because when I set my local IIS7 to medium trust level I get the same issue. Upgrading to high or greater trust level solves the problem. However, I cannot change the trust level on a Godaddy shared hosting account (I don't want to pay for a dedicated server for a personal project, so upgrading is not financially feasible).
Here's the "funny" thing. In the same application I have a file upload page that works perfectly on dev and production. I'm going to the same sub-directory in both places (well under the application directory root and with write permissions granted). Therefore, it seems the only difference here is the fact that one part of the code executes under MVC and another as part of XMLRPC (not sure what framework that is part of as I'm kind of new to ASP.NET development).
View 1 Replies
Similar Messages:
Jul 27, 2010
I am using profiles. It works fine, but it is not saving in the aspnet_profile table despite using the Save method.
In Web Config:
<profile enabled="true" defaultProvider="SqlProvider">
  <providers>
    <clear />
    <add name="SqlProvider"
         type="System.Web.Profile.SqlProfileProvider"
         connectionStringName="dd"
         applicationName="AJAXEnabledFor Master Page" />
  </providers>
  <properties>
    <add name="FirstName" />
    <add name="LastName" />
    <add name="Address1" />
    <add name="Address2" />
    <add name="City" />
    <add name="State" />
    <add name="Country" />
    <add name="PinCode" />
    <add name="Contact" />
  </properties>
</profile>
In Code Behind File
if (CreateUserWizard1.ActiveStep.Title == "Complete")
{
    Roles.AddUserToRole(CreateUserWizard1.UserName, "Guest");
    ProfileCommon p = (ProfileCommon)ProfileCommon.Create(CreateUserWizard1.UserName, true);
    WizardStep Details = CreateUserWizard1.FindControl("Details") as WizardStep;
    p.FirstName = ((TextBox)Details.FindControl("TextBox1")).Text;
    p.LastName = ((TextBox)Details.FindControl("TextBox2")).Text;
    p.Address1 = ((TextBox)Details.FindControl("TextBox3")).Text;
    p.Address2 = ((TextBox)Details.FindControl("TextBox4")).Text;
    p.City = ((TextBox)Details.FindControl("TextBox5")).Text;
    p.State = ((TextBox)Details.FindControl("TextBox6")).Text;
    p.Country = ((TextBox)Details.FindControl("TextBox7")).Text;
    p.PinCode = ((TextBox)Details.FindControl("TextBox8")).Text;
    p.Contact = ((TextBox)Details.FindControl("TextBox9")).Text;
    p.Save();
}
View 1 Replies
Apr 30, 2010
My web application is on a web server that is in a DMZ.
The web application must save some files on a server in the LAN, but the web server cannot access the file server because it has no right to access it. I wouldn't create an account for the web server, but I would like that any time the application has to upload a file onto the file server, it makes a connection that encapsulates credentials, then the upload starts, and finally the connection closes.
Is it possible to do this type of work with some objects?
View 1 Replies
Aug 3, 2010
I have heard that saving connection strings and stored procedure names in the web.config file of our application is not safe. It is a good practice to store the connection string in a config file rather than as a hard-coded string in our code, and if we need to change it, then it makes our job easier. How to protect our code in web.config?
View 4 Replies
Aug 9, 2010
I developed a site for a client a couple of years ago. It uses the standard ASP.NET Membership, authentication, etc. I just added the profile section with (2) fields: CustID, AgntID. Now whenever I load the page with any Profile code in it I receive this error: Violation of UNIQUE KEY constraint 'IX_aspnet_Users'. Cannot insert duplicate key in object 'dbo.aspnet_Users'. The INSERT statement conflicted with the FOREIGN KEY constraint "FK__aspnet_Pr__UserI__3CA9F2BB". The conflict occurred in database "broo001", table "dbo.aspnet_Users", column 'UserId'. The statement has been terminated. The statement has been terminated. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Violation of UNIQUE KEY constraint 'IX_aspnet_Users'. Cannot insert duplicate key in object 'dbo.aspnet_Users'. The INSERT statement conflicted with the FOREIGN KEY constraint "FK__aspnet_Pr__UserI__3CA9F2BB". The conflict occurred in database "broo001", table "dbo.aspnet_Users", column 'UserId'. The statement has been terminated. The statement has been terminated. Source Error:
[Code]....
Stack Trace:
[Code]....
Here is the code from my web.config:
[Code]....
Here is some of my page code:
[Code]....
View 3 Replies
Mar 23, 2011
I am saving files in a dynamically generated folder initially.
Ex: FolderOne --------> abc.pdf
FolderTwo --------> abc2.pdf
Now my requirement is to save those files in another folder.
Ex: FolderOrder --------> abc.pdf and abc2.pdf
How can I do this?
View 8 Replies
Jun 19, 2015
I'm creating a web application where the users can upload and download files. In the past, I've usually done so by saving the files as binary in a sql database. I did this because, this way, I know which files belong to which users (based on an ID). How would I do this if I plan on saving the files on the HDD? I figure I would create a unique folder per user (and I would save their files there), but I'm wondering what the standard or better way of approaching this.
View 3 Replies
Jul 13, 2011
I am trying to save some resized images to the server. Why I get the following error on the vSmlImgFle.Save(vTmpDir.ToString & vFile.Name, ImageFormat.Jpeg) (in red below) line?
A generic error occurred in GDI+.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Runtime.InteropServices.ExternalException: A generic error occurred in GDI+.
And while we are on the subject of dealing with image files, is there a way to get the file format from the original file, rather than looking at the file extension to determine the file type:
If Ext = "JPG" then
Type = ImageFormat.Jpeg
Else if Ext = "JPG" then
Etc.
I thought that vImgFormat = vOrgImgFle.RawFormat might do it but that seems to return something completely different than ImageFormat.Jpeg.
Code:
Protected Function CopyScaleImages(ByVal FileSet As FileInfo())
Dim vTmpDir As New DirectoryInfo(Server.MapPath("~/SanInspPhotosTemp/"))
Dim vDir As New DirectoryInfo(Server.MapPath("~/SanInspPhotos/"))
Dim imgHght As Integer
[Code] .....
View 9 Replies
Jan 23, 2012
I am asking the user to upload images using the file upload control. In the database I am saving the filename as varchar. My problem is how do I save it. If the file name is saved in the database, where is the file actually saved? If I make a folder to save to, it is a hard-coded path. So, is there any way to save the file uploaded by the user?
View 1 Replies
May 16, 2010
I've got a project that's going to go on a dedicated server environment. I'll be uploading images to the server, but saving them outside of the virtual folder path of the actual website, like so:
protected void UploadImage_Click(object sender, EventArgs e)
{
    // Verbatim string literal so the backslashes in the Windows path are not treated as escape sequences
    string newFile = @"C:\Images\myImage.jpg";
    this.cb_fuMainImage.PostedFile.SaveAs(newFile); // from webform <input id="cb_fuMainImage" type="file" runat="server" />
}
Now, this works fine on my home computer. Is there anything I'll need to do with IIS or ASP.NET (possibly in web.config) for this to work properly on a production machine? Settings or permissions that may need changing?...
It will be on Windows 2003 with IIS6 and ASP.NET 3.5 SP1.
View 2 Replies
Jul 16, 2010
I have an ASP.NET application running on Apache server with mod_mono. If I have a folder called "temp" located in the website's root directory and run the following code
System.IO.TextWriter tw = new System.IO.StreamWriter("temp/test.txt");
tw.WriteLine(DateTime.Now);
tw.Close();
it saves test.txt in C:\Program Files\Mono-2.6.4\bin\temp on the server. If I add a slash to the directory name like this: System.IO.TextWriter tw = new System.IO.StreamWriter("/temp/test.txt"); it saves it to C:/temp. Both do not do what I want. How do I get the code to save the file to the temp folder inside my website's root directory? Is this a mod_mono issue or something to do with Apache? I have tried adding this line to httpd.conf: Alias /temp "C:/Path_to_root_folder/temp" without any luck. I shouldn't have to use alias if the temp folder is within the root directory, correct? In my development environment, which uses XSP as the web server, everything works as expected. It is only a problem when running on Apache.
View 1 Replies
Feb 23, 2011
I'm trying to use an asp:FileUpload Control to allow users to upload files (.doc, .gif, .xls, .jpg) to a server that is outside of our DMZ and not the Web Server. We want to have the ability to look at these files for viruses, structure, etc prior to saving them into another directory that would allow access to outside users. From what I have read about this control is that it will allow for files to be uploaded to the web server. Can this control be used to upload files to a server other than the web server? If it can be done where should I look for this type of functionality or how do I force it to go to https:servernamefolder name (Where server name is not the web server)? Would I have to read the file then write it to the other server?
View 2 Replies
Jan 24, 2010
I installed Windows 7 a few days ago and everything seemed to install fine. I opened up a rather large project I've been working on and opened up my dataset file. I created a new table in SQL Server 2005 and so in turn I created a new tableadapter. It went through the steps to create the tableadapter fine but when I tried to finish it, it took FOREVER to finally refresh. The table is small, about 6 fields with no data, and I waited 20 minutes at least for Visual Studio to finally respond again. Now I've tried to save my work and it's hung up again. I've been waiting another 20 minutes at least just for VS to save the file. Is there some known issue with datasets and Windows 7? This didn't happen in XP and I simply can't be waiting for an hour to simply add a table adapter and save the file.
View 5 Replies
Oct 25, 2010
I'd like to allow users to upload a .pdf file via the file upload control (if that's the best method), save the file to the db and then retrieve it so they can click on a link and open the .pdf they've uploaded. I've been looking for a tutorial on how to do this but keep running into methods of saving the file directly on the server in a directory, not in SQL server (using Linq and VB by the way)
View 4 Replies
Feb 6, 2010
So I would like my solution to save in the same folder as the rest of my files. I am a win forms developer so web is new to me.
1) Is there any reason why I shouldn't do that for web?
2) Second, how do I do that? I know that I can change the solution's saving location by changing Tools\Option\Projects & Solutions\Project's Location. However, I just want it to use the location of the new website I create and not that specification.
View 1 Replies
Jul 1, 2010
I was following the tutorials from these two sites:
http://www.15seconds.com/issue/070104.htm
http://aspnet.4guysfromrolla.com/articles/020404-1.aspx
Following the first site, it had worked, but when I've moved the pages and files to other folders and set the web.config file on this folder, now it won't work at all!!!
The file is an *.swf object. I did put the asapi.dll to map the extension on the website root, I've put the
[Code]....
on the web.config new folder and on the web.config website's root.
It won't work!!! I can access the file directly!!! On the web.config of the folder that contains the file, there is a <deny users="*" /> line.
View 4 Replies
Jan 20, 2010
I am creating a page where our clients can view advertising images and then are able to download the images in different file formats. So I need the images and the different download types all saved into the same row in the database so that when I go to display them on the page, when they select a picture the right download links will be there. So here is where my problem comes in: I don't know how to code it so that I can insert multiple file paths into the database at once. The images are saved in a table called images. The downloads are saved in a table called Image Downloads.
Here is the code for the page. I have it coded to submit the images to the database but am not sure how to add the rest. I have got three different SQL datasources for each table; not sure if that's the way to go.
[Code]....
View 1 Replies
May 31, 2010
I created a website with a file manager where the client can upload, delete, preview etc. This works fine but the problem is that the folders where the files are going to be saved will be on another server. I am testing this locally for now but will deploy it once finished.
I set up my website in IIS. Created a 'Virtual Directory' and linked the directory to a folder in my 'C://'. The virtual dir path is "~/upload" but when I use Server.MapPath() it gives me "C:/inetpub/wwwroot/website/upload" instead of the actual dir path "C:\Documents and Settings\User\My Documents\Visual Studio 2008\WebSites\Website\uploads"
View 6 Replies
Nov 1, 2010
I have a website that acts as a common user details site for a few other websites. I pass a username to it and it gets the profile using
[Code]....
That part works fine. Now to commit the changes I use the above code to get the ProfileCommon for the user and then use oProfile.Save() to finish. This saves all the user data to my profile. It doesn't matter which profile I use, it always gets saved to mine.
View 4 Replies
Jul 28, 2010
I want to protect a webpage from being saved from the browser's File -> Save As. I found some sites did it (Facebook, Orkut). When I try to save pages on those sites, only the home page is saved. How to do this in C#?
View 2 Replies
Apr 4, 2010
Hi, I'm creating a simple blog site where you can log in and save blog entries. I want to use the LoginName control to automatically save the username of the one entering the blog.
View 2 Replies
Feb 28, 2011
I have my database connected to the project. It's located on a different server. When I am managing users via WSAT everything is OK: it saves users into the database on the server and additionally in my local App_Data folder. But when it comes to creating roles it only works with the local database, and is not applied to the database located on the server.
Isn't it strange anyway that it saves data into the local database when there is no connectionString for this? I can delete the database from App_Data and after doing some action with users/roles it creates a new one.
View 2 Replies
Jan 30, 2011
I have a web project and I saved my images in physical folders on the HDD, like d:SecretImagesImagename. But I can't open the files when I have to. I thought if it can save, for example, d:SecretImagesTemp.jpg, I can open it when I have to, but I can't.
View 3 Replies
Nov 28, 2010
how to violation of primary constraints
[Code]....
View 1 Replies
Jul 14, 2010
I'm passing sensitive details from my ASP.NET web app to a database on a different server. I've set up encryption on my database. Should I encrypt the data in the code-behind file of the web app and then pass it to my database stored procedure, or pass it to the stored procedure as it is and encrypt it there?
View 4 Replies