I am trying to write a very simple logfile for my web application (ASP.NET 2.0). The application is Hosted By Godaddy.com which by default has a "Medium Trust" setting. Does anybody have experience doing File I/O using a third party host.
Many of the solutions I have found suggest changing the security policy for my application from 'Medium' to 'Full' or changing the directory permissions to add the ASP.NET user account. As this is a Third Party Hosting application,
I can not change any of the machine configurations.
The following is a Test page I created in the application which illustrates the type of I/O I am trying to accomplish and the associated failures.
Access to the path 'd:\hosting\myApp\test.txt' is denied.
Description:
An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.UnauthorizedAccessException: Access to the path 'd:\hosting\myApp\test.txt' is denied.
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if
the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.
Source Error:
Line 19: protected void Button1_Click(object sender, EventArgs e)
Line 20: {
Line 21: System.IO.StreamWriter sw =
Line 22: new System.IO.StreamWriter(Server.MapPath("test.txt"));
Line 23: sw.WriteLine("test 123");
After trying a large number of scenarios, I am able to answer my own question... It goes something like this:
Godaddy requires you to create a Web hosting username/password. I had mistakenly assumed this was merely an FTP account when in actuality, it was a Windows domain/user password. Typically HOSTING\user
I created a subdirectory where I wanted to contain all of the File I/O activities, thus any security risks would be limited to this one folder. In the example above, if my root folder was myApp, then I create a subfolder at myApp\FileIO.
I then created a new web.config file in that folder that overrides (or actually extends the root web.config file. ) All of the properties of the root web.config file are intact except for the ones that are overridden in the new web.config file. The entire
file is pasted below. The trick is to user impersonation using the original godaddy Windows (FTP account) that I originally set up.) By default, (without this web.config file), the entire process runs under the ASP.NET account which does NOT have
the ability to add/delete files in my application. But MY id/password does.
I also used the .Net 2.0 security controls to limit access to to the new FILEIO folder to persons with a correct username/password. In other words, using standard .NET authentication controls, I can control who has access to this part of the application.
Once they are in, I switch the identity of the ASP.NET worker process to my own id/password which has read/write access. This way, I don't have to give out the windows account/password to my site administrators. They only have website usernames/passwords.
Taking this one step further, I would encrypt this entire web.config file section so that this sensitive username/password is not visible.
I'm trying to get impersonation working on godaddy and found your asp.net form thread. I know it's been awhile since you had to deal with this but I'm wondering if you could help me out. I've tried the impersonation settings per your message but I'm getting
an invalid login. If I follow correctly I should be using the ftp user name such that the web.config would look like this
I did notice that when a error is raised the error reports back that the user is GDHOSTING\WD016_28 and that impersonate is false (I'm using .Net's health monitoring to email me the error info). In my case I'm setting it at the root because I need to let
administrations do quite a bit of updating to the site (which may change later).
<identity
impersonate="true"
userName="HOSTING\myFTPUserName"
password="myFTPUserPassword"/> --- You are using your full login
domain and id. correct?? (GDHOSTING\WD016_28 ). i.e. using
GDHOSTING and not just "HOSTING".
Although this post is quite old, in my attempt to perform basic IO, I stumbled accross this solution and wanted to update the thread in case any others happen to have a similar issues to my own. Through GoDaddy's File Manager, you can set read and write
permissions on any folder of your chosing. There is no need to create an additional web.config file for basic IO tasks. Hope this helps.
I also ran into this issue (shared hosting in godaddy), the behavior looks rather strange to me. I build a WCF web service which creates files and folders on demand. web service is located in [root]\app\service1. And the file repository is in [root]\files.
I set the [root]\files folder to read/write enabled.
In the webservice, I was able to use following code to create a file in [root]\files folder:
However, none of following works: System.IO.File.Copy,
System.IO.File.Move, System.IO.Directory.CreateDirectory
They all end up with exception on FileIOPermission. If I change the target filder from [root]\files to [root]\app\service1\app_data, they are all working just fine.
I don't understand about the difference. GoDaddy support told me that my app should be able to read/write in any folder of my "virtual directory", i.e., [root], as long as I enable the folder attribute to allow read/write.
Does anyone has any idea on this? Any suggestion will be greatly appreciated -- I've spent quite some time in google, no solution yet 8(
Hi I was just wondering if you found a solution to the problem of being able to create the directories but not being able to create, write etc?
To ask something you might have already checked, but was this problem there even after setting the read write permissions of [root] with the inherit option ticked?
Also I was wondering if someone could clarrify some of the posts above about using impersonation on a goDaddy shared hosting to give write permission to the process rather than individual directories.
Do we use hosting or gdhosting before the username? And is the username the original username created at the time of registering the hosting (also the default ftp username) or is it the customer number?
jloesel
Member
10 Points
5 Posts
Basic File I/O using Hosting Provider (Godaddy.com) in "Medium Trust' environment.
Dec 07, 2006 03:13 PM|LINK
I am trying to write a very simple logfile for my web application (ASP.NET 2.0). The application is Hosted By Godaddy.com which by default has a "Medium Trust" setting. Does anybody have experience doing File I/O using a third party host.
Many of the solutions I have found suggest changing the security policy for my application from 'Medium' to 'Full' or changing the directory permissions to add the ASP.NET user account. As this is a Third Party Hosting application, I can not change any of the machine configurations.
The following is a Test page I created in the application which illustrates the type of I/O I am trying to accomplish and the associated failures.
Thanks for your help
jl.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Access to the path 'd:\hosting\myApp\test.txt' is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.UnauthorizedAccessException: Access to the path 'd:\hosting\myApp\test.txt' is denied.
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.
Source Error:
Source File: d:\hosting\myApp\test.aspx.cs Line: 21
jloesel
Member
10 Points
5 Posts
Re: Basic File I/O using Hosting Provider (Godaddy.com) in &amp;quot;Medium Trust' environment.
Dec 08, 2006 12:54 PM|LINK
After trying a large number of scenarios, I am able to answer my own question... It goes something like this:
Godaddy requires you to create a Web hosting username/password. I had mistakenly assumed this was merely an FTP account when in actuality, it was a Windows domain/user password. Typically HOSTING\user
I created a subdirectory where I wanted to contain all of the File I/O activities, thus any security risks would be limited to this one folder. In the example above, if my root folder was myApp, then I create a subfolder at myApp\FileIO.
I then created a new web.config file in that folder that overrides (or actually extends the root web.config file. ) All of the properties of the root web.config file are intact except for the ones that are overridden in the new web.config file. The entire file is pasted below. The trick is to user impersonation using the original godaddy Windows (FTP account) that I originally set up.) By default, (without this web.config file), the entire process runs under the ASP.NET account which does NOT have the ability to add/delete files in my application. But MY id/password does.
I also used the .Net 2.0 security controls to limit access to to the new FILEIO folder to persons with a correct username/password. In other words, using standard .NET authentication controls, I can control who has access to this part of the application. Once they are in, I switch the identity of the ASP.NET worker process to my own id/password which has read/write access. This way, I don't have to give out the windows account/password to my site administrators. They only have website usernames/passwords.
Taking this one step further, I would encrypt this entire web.config file section so that this sensitive username/password is not visible.
Hope this helps
j
<?
xml version="1.0"?><configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<identity impersonate="true" userName="HOSTING\myUserName" password="myPassword"/>
</system.web>
</configuration>
BradW
Member
157 Points
41 Posts
Re: Basic File I/O using Hosting Provider (Godaddy.com) in &amp;quot;Medium Trust' environment.
Nov 20, 2007 02:46 AM|LINK
I'm trying to get impersonation working on godaddy and found your asp.net form thread. I know it's been awhile since you had to deal with this but I'm wondering if you could help me out. I've tried the impersonation settings per your message but I'm getting an invalid login. If I follow correctly I should be using the ftp user name such that the web.config would look like this
<identity impersonate="true" userName="HOSTING\myFTPUserName" password="myFTPUserPassword"/>
I did notice that when a error is raised the error reports back that the user is GDHOSTING\WD016_28 and that impersonate is false (I'm using .Net's health monitoring to email me the error info). In my case I'm setting it at the root because I need to let administrations do quite a bit of updating to the site (which may change later).
Thanks for any help you can provide
- Brad
jloesel
Member
10 Points
5 Posts
Re: Basic File I/O using Hosting Provider (Godaddy.com) in &amp;quot;Medium Trust' environment.
Nov 20, 2007 12:47 PM|LINK
I'll ask the obvious questions 1st
1.
<identity impersonate="true" userName="HOSTING\myFTPUserName" password="myFTPUserPassword"/> --- You are using your full login domain and id. correct?? (GDHOSTING\WD016_28 ). i.e. using GDHOSTING and not just "HOSTING".
2. The web.config file is in the root directory??
tod1d
Member
79 Points
19 Posts
Re: Basic File I/O using Hosting Provider (Godaddy.com) in &amp;quot;Medium Trust' environment.
Apr 27, 2009 02:08 AM|LINK
Thanks. This resolved my issue.
blog: http://tod1d.net
markbonano
Member
4 Points
2 Posts
Re: Basic File I/O using Hosting Provider (Godaddy.com) in &amp;quot;Medium Trust' environment.
Aug 03, 2009 04:53 PM|LINK
Although this post is quite old, in my attempt to perform basic IO, I stumbled accross this solution and wanted to update the thread in case any others happen to have a similar issues to my own. Through GoDaddy's File Manager, you can set read and write permissions on any folder of your chosing. There is no need to create an additional web.config file for basic IO tasks. Hope this helps.
okeoke
Member
2 Points
1 Post
Re: Basic File I/O using Hosting Provider (Godaddy.com) in &amp;quot;Medium Trust' environment.
Nov 23, 2009 10:01 PM|LINK
I also ran into this issue (shared hosting in godaddy), the behavior looks rather strange to me. I build a WCF web service which creates files and folders on demand. web service is located in [root]\app\service1. And the file repository is in [root]\files. I set the [root]\files folder to read/write enabled.
In the webservice, I was able to use following code to create a file in [root]\files folder:
FileStream stream = File.Open(filePath, FileMode.Create, FileAccess.Write);
...
stream.Close();
However, none of following works: System.IO.File.Copy, System.IO.File.Move, System.IO.Directory.CreateDirectory
They all end up with exception on FileIOPermission. If I change the target filder from [root]\files to [root]\app\service1\app_data, they are all working just fine.
I don't understand about the difference. GoDaddy support told me that my app should be able to read/write in any folder of my "virtual directory", i.e., [root], as long as I enable the folder attribute to allow read/write.
Does anyone has any idea on this? Any suggestion will be greatly appreciated -- I've spent quite some time in google, no solution yet 8(
ksm79
Member
6 Points
8 Posts
Re: Basic File I/O using Hosting Provider (Godaddy.com) in &amp;quot;Medium Trust' environment.
Mar 29, 2010 02:03 PM|LINK
Hi I was just wondering if you found a solution to the problem of being able to create the directories but not being able to create, write etc?
To ask something you might have already checked, but was this problem there even after setting the read write permissions of [root] with the inherit option ticked?
ksm79
Member
6 Points
8 Posts
Re: Basic File I/O using Hosting Provider (Godaddy.com) in &amp;quot;Medium Trust' environment.
Mar 29, 2010 02:11 PM|LINK
Also I was wondering if someone could clarrify some of the posts above about using impersonation on a goDaddy shared hosting to give write permission to the process rather than individual directories.
Do we use hosting or gdhosting before the username? And is the username the original username created at the time of registering the hosting (also the default ftp username) or is it the customer number?
Thanks.
ahilnsp
Member
10 Points
8 Posts
Re: Basic File I/O using Hosting Provider (Godaddy.com) in &amp;quot;Medium Trust' environment.
Jun 11, 2010 07:34 AM|LINK
what markbonano said is correct..please kep follow his answer..