Today we had a situation where a page was trying to load a string from another file in the UNC share.
The asp.net page looked like this
<%@ Page EnableSessionState=”False”%>
<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd“>
<html xmlns=”http://www.w3.org/1999/xhtml”>
<head runat=”server”>
<title></title>
</head>
<body>
<form runat=”server”>
<div>
<asp:PlaceHolder runat=”server” Visible=”true”>
<%Response.WriteFile(“/Common/breadcrumb.htm”)%>
</asp:PlaceHolder>
</div>
<div>
My Test Page
</div><asp:Literal runat=”server”></asp:Literal>
<asp:Button runat=”server” Text=”test”/>
</form>
</body>
</html>
Breadcrum.htm file just as a string. When this is executed on IIS7 in Asp.Net v2 works fine. But when run 0n IIS7 and Asp.Net v4 this generates System.UnauthorizedAccessException: Access to the path “\\unshare\common\breadcrumb.htm” is denied
Fix
<%@ Page EnableSessionState=”False”%>
<%@ Import Namespace=”System.IO” %>
<%@ Import Namespace=”System.Security.Permissions” %>
<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>
<script runat=”server”>
Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs)
Dim oFp As FileIOPermission = New _
FileIOPermission(FileIOPermissionAccess.Read, Server.MapPath(“/Common/breadcrumb.htm”))
oFp.Assert()
Dim data As String = File.ReadAllText(Server.MapPath(“/Common/breadcrumb.htm”))
Literal1.Text = data
End Sub
</script>
<html xmlns=”http://www.w3.org/1999/xhtml”>
<head runat=”server”>
<title></title>
</head>
<body>
<form runat=”server”>
<div>
My Test Page
</div><asp:Literal runat=”server”></asp:Literal>
<asp:Button ID=”Button1″ runat=”server” Text=”test” OnClick=”Button1_Click”/>
</form>
</body>
</html>
My application pool was running under Network Services. I could have either changed the identity of the pool to use a user that had access to unc share or I could just programmatically give permission to file. I used the FileIOPermission to grant access to the file and then read it.