Month: August 2010

by

Accessing File Resource on a UNC share from IIS7 running .Net 4.0 win 2008

Today we had a situation where a page was trying to load a string from another file in the UNC share.

The asp.net page looked like this

<%@ Page EnableSessionState=”False”%>

 <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN”  “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd“>

 <html xmlns=”http://www.w3.org/1999/xhtml”&gt;

<head runat=”server”>

    <title></title>

</head>

<body>

    <form runat=”server”>

<div>

                 <asp:PlaceHolder runat=”server” Visible=”true”>

                    <%Response.WriteFile(“/Common/breadcrumb.htm”)%>

                </asp:PlaceHolder>

            </div>

    <div>

    My Test Page

    </div><asp:Literal runat=”server”></asp:Literal>

    <asp:Button runat=”server” Text=”test”/>

    </form>

</body>

</html>

Breadcrum.htm file just as a string. When this is executed on IIS7 in Asp.Net v2 works fine. But when run 0n IIS7 and Asp.Net v4 this generates System.UnauthorizedAccessException: Access to the path “\\unshare\common\breadcrumb.htm” is denied

Fix

<%@ Page EnableSessionState=”False”%>

<%@ Import Namespace=”System.IO” %>

<%@ Import Namespace=”System.Security.Permissions” %>

<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”&gt;

<script runat=”server”>

    Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs)

        Dim oFp As FileIOPermission = New  _

        FileIOPermission(FileIOPermissionAccess.Read, Server.MapPath(“/Common/breadcrumb.htm”))

        oFp.Assert()

        Dim data As String = File.ReadAllText(Server.MapPath(“/Common/breadcrumb.htm”))

        Literal1.Text = data

    End Sub

</script>

<html xmlns=”http://www.w3.org/1999/xhtml”&gt;

<head runat=”server”>

    <title></title>

</head>

<body>

    <form runat=”server”>

    <div>

    My Test Page

    </div><asp:Literal runat=”server”></asp:Literal>

 <asp:Button ID=”Button1″ runat=”server” Text=”test” OnClick=”Button1_Click”/>

    </form>

</body>

</html>

My application pool was running under Network Services. I could have either changed the identity of the pool to use a user that had access to unc share or I could just programmatically give permission to file.  I used the FileIOPermission to grant access to the file and then read it.

Advertisements