Thanks for the update. They've added some features to the service since I wrote this post. I had scoured the internet and message boards and arrived at the impersonation solution by accident.
I'm on go daddy. Trying to write / read files (upload and then read them from specific directory). Have given the read & write permissions to specific directories using File Manager -> permissions (have un-checked inherit parent) . However no luck, and stuck
with exception. It would be of great help to hear on some solution to this.
You must give read/write permissions to the folder containing the uploaded files (In your case 'System.Configuration.ConfigurationSettings.AppSettings["FILEULDIR"]'). Log into the GoDaddy control panel, launch the Hosting Control Center and select the File
Manager. You will be able to select a folder in the File Manager and give it read/write access. Hope this helps,
is it literally "HOSTING" or my actual the main domain on godaddy? eg. mydomain.com?
I have a similar setup where I want to have my service on the server side (eg. wcf1.svc) access a file under clientbin\data\some.xml and where I have set the "data" folder using the filemanager
to (application can write this directory) checked and Read (directory contents are visible to users) is UNCHECKED.
When I use no <identity thingy.... in my config (ie. vanilla
There is also this "password vault" where Godaddy allows you to setup a triplet of "application,user,password" is this of any use here? If yes is application string arbitrary? where would this show up in my solution/web.config?
If "HOSTING" needs to be a domain should it be the primary hosting domain or the domain I configured my WCF services against? (I am multi domain hosting)
Can I get around the access denied complaint by providing some credential via code? how please be explicity? I am thinking the Silverlight client should not be concerned with these credential but rather its totally up the server code (service) to resolve
this access, right?
Thanks for all your help. Glad to see an old thread still alive, as it took a while to find a close match to what I am trying to do. (BTW I am not doing any of the WCF authentication jumbo, it's just behond my head and I am simply doing my thing with trying
to manage some XML by the server code only, ie. not wanting casual users to access these files via a browser). Sorry for the length, but you can tell I am totally confused :)
Note: Of course I get none of this if my service accesses XML files in ClientBin and not ClientBin\Data\.
WCF service Silverlight access denied authentication
Yes -- it is literally 'HOSTING'. Or it was. I wrote this post a long time ago and this was before the ability to actually set permissions on the directory folders via the Godaddy File Utility. When I first discovered this soution, I got an error
message similar to your own:
"Access to the Path...." is denied. Looking at the error message further... I deduced that my domain and userid were HOSTING/myName. -- myName
was my Godaddy login name. HOSTING was unique to the webhosting service of Godaddy. When I used FTP to upload files, I didn't have to include this but ... I figured the error message was giving me the clue I needed.
Looking at the error you are getting above, I would have modified the web.config file as follows:
I am making the assumption that you registered with Godaddy via a numeric userName (or it was given to you). You'll need your real password as well.
-- so that was my thought process then... and thus, my thought process now. I merely inspected the error message I got and guessed that HOSTING was part of the userName element in the web.config file.
Give it a try. I hope it works. btw - None of this is Godaddy specific. Impersonation is a .Net feature allowing you run the ASPNet worker process under an account of your choosing.
I always seem to get the same garbage back somthing like this:
(client_VCompleted) An exception orrcured->An exception occurred during the operation, making the result invalid. Check InnerException for exception details.System.ServiceModel.CommunicationException: The remote server returned an error: NotFound. ---> System.Net.WebException:
The remote server returned an error: NotFound. ---> System.Net.WebException: The remote server returned an error: NotFound.
at System.Net.Browser.BrowserHttpWebRequest.InternalEndGetResponse(IAsyncResult asyncResult)
at System.Net.Browser.BrowserHttpWebRequest.<>c__DisplayClass5.<EndGetResponse>b__4(Object sendState)
at System.Net.Browser.AsyncHelper.<>c__DisplayClass2.<BeginOnUI>b__0(Object sendState)
--- End of inner exception stack trace ---
While this code approach seems to be working I have the following observations:
a) when I comment out the call Authenticate(,) its effect seems to hang around even if I exit VS2010. However if I clear the IE cache the code fails (?weird? I really use FFox). So I need to look closer
at how the LogonUser token/handle needs to be released apparently the sample in the post is not carefully coded. Actually, I don't understand all this
Chinese :) I wish it was a lot more straightforward than all this pain.
b) I now think the WCF DLL/process on the server
(with the valid credentials still logged on) hangs around so when another
instance of the client runs it may either succeed or fail, eventhough the service code on the server has not changed between sessions/runs. I think I've seen it fail from an instance of the client on another computer probabling instanciating a different thread of the service which probably fails because there a sibling still hanging around.
I am just thinking loud in writing :) I wish there was an easier class eg. Logon.LogUser() which remains in effect then a call to some Logon.LogOut() releases whatever needs to be cleaned out (token/handles oh whatever). I am
somehow hesitating to include all my XML access inside the Authenticate(,) method after API LogonUser() succeeds. But not clear on how to implement such a LogUser() and LogOut() global methods.
c) the original configured folder clientbin\data\some.xml now returns "500 (internal Server) error" in the browser instead of prompting with the "Authentication Required" dialog. So I have configured
an additional clientbin\data2\some.xml with data2 only accessible by apps and which prompt for authentication when accessed via the browser URL. Note: both folder are accessed fine using the code Authenticate(,) routine.
3)----------
Finally, I am still interested in getting the web.config to work as I don't understand why it is not working. Perhaps my class and/or methods are decorated the wrong way for web.config to work with <identity.....> . Please feel free to strip/modify all this
.NET gibberish :)
When I search on this topic
most of the posts are telling the poster to relax the folder access rights, this is not my goal. Also when I see "impersonate" it throws
me off perhaps this "impersonation" terminology also applies to server code needing access to its "local" files on the same server.
Bottom line I am not trying to pass the credentials of the client, here a Silverlight OOB application, to the Server SVC code but rather except the server service code to have exclusive access rights
to these files/folder. Am I approaching this goal the right way :) ?
What is the difference betwee filezilla chmod on files/folder versus using Godaddy's filemanager (perhaps the later is doing some IIS magic? or is it really at the hosting OS ("windows grid") filesystem
level?)
Thanks for all your help.
asp. netSilverlightnet 4.0 WCF access to file authentication authorization impersonate
jloesel
Member
10 Points
5 Posts
Re: Basic File I/O using Hosting Provider (Godaddy.com) in &amp;quot;Medium Trust' environment.
Jun 11, 2010 11:36 AM|LINK
Thanks for the update. They've added some features to the service since I wrote this post. I had scoured the internet and message boards and arrived at the impersonation solution by accident.
Lakshmish
Member
2 Points
2 Posts
Re: Basic File I/O using Hosting Provider (Godaddy.com) in &amp;quot;Medium Trust' environment.
Dec 02, 2010 04:17 PM|LINK
I'm on go daddy. Trying to write / read files (upload and then read them from specific directory). Have given the read & write permissions to specific directories using File Manager -> permissions (have un-checked inherit parent) . However no luck, and stuck with exception. It would be of great help to hear on some solution to this.
My piece of code to upload file is
<div style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;" id="_mcePaste"> if (FileUpload1.HasFile)</div> <div style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;" id="_mcePaste"> {</div> <div style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;" id="_mcePaste"> FileUpload1.SaveAs(Server.MapPath("~") + System.Configuration.ConfigurationSettings.AppSettings["READBOMEXCELDIR"] + FileUpload1.FileName);</div>if (FileUpload1.HasFile)
{
FileUpload1.SaveAs(Server.MapPath("~") + System.Configuration.ConfigurationSettings.AppSettings["FILEULDIR"] + FileUpload1.FileName);
}
Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) at System.Security.CodeAccessPermission.Demand() at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode) at System.Web.HttpPostedFile.SaveAs(String filename) at System.Web.UI.WebControls.FileUpload.SaveAs(String filename)
file upload medium trust
markbonano
Member
4 Points
2 Posts
Re: Basic File I/O using Hosting Provider (Godaddy.com) in &amp;quot;Medium Trust' environment.
Dec 05, 2010 10:53 AM|LINK
You must give read/write permissions to the folder containing the uploaded files (In your case 'System.Configuration.ConfigurationSettings.AppSettings["FILEULDIR"]'). Log into the GoDaddy control panel, launch the Hosting Control Center and select the File Manager. You will be able to select a folder in the File Manager and give it read/write access. Hope this helps,
- Mark
Marie123
Member
6 Points
3 Posts
Re: Basic File I/O using Hosting Provider (Godaddy.com) in "Medium Trust' environment.
Jan 02, 2011 05:32 PM|LINK
The original post was not clear about
<identity impersonate="true" userName="HOSTING\myUserName" password="myPassword"/>
is it literally "HOSTING" or my actual the main domain on godaddy? eg. mydomain.com?
I have a similar setup where I want to have my service on the server side (eg. wcf1.svc) access a file under clientbin\data\some.xml and where I have set the "data" folder using the filemanager to (application can write this directory) checked and Read (directory contents are visible to users) is UNCHECKED.
When I use no <identity thingy.... in my config (ie. vanilla
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
</configuration>
I am getting access is denied
Access to the path 'D:\Hosting\2584489\html\GETINFO\clientbin\data\SOME.XML' is denied.
When I try various guesses :) like
<identity impersonate="true" userName="mydomain.com\DefaultFTPName" password="DefaultFTPPassword"/>
The remote server returned an error: NotFound.
There is also this "password vault" where Godaddy allows you to setup a triplet of "application,user,password" is this of any use here? If yes is application string arbitrary? where would this show up in my solution/web.config?
If "HOSTING" needs to be a domain should it be the primary hosting domain or the domain I configured my WCF services against? (I am multi domain hosting)
Can I get around the access denied complaint by providing some credential via code? how please be explicity? I am thinking the Silverlight client should not be concerned with these credential but rather its totally up the server code (service) to resolve this access, right?
Thanks for all your help. Glad to see an old thread still alive, as it took a while to find a close match to what I am trying to do. (BTW I am not doing any of the WCF authentication jumbo, it's just behond my head and I am simply doing my thing with trying to manage some XML by the server code only, ie. not wanting casual users to access these files via a browser). Sorry for the length, but you can tell I am totally confused :)
Note: Of course I get none of this if my service accesses XML files in ClientBin and not ClientBin\Data\.
WCF service Silverlight access denied authentication
jloesel
Member
10 Points
5 Posts
Re: Basic File I/O using Hosting Provider (Godaddy.com) in "Medium Trust' environment.
Jan 03, 2011 12:32 PM|LINK
So to answer your question:
Yes -- it is literally 'HOSTING'. Or it was. I wrote this post a long time ago and this was before the ability to actually set permissions on the directory folders via the Godaddy File Utility. When I first discovered this soution, I got an error message similar to your own:
"Access to the Path...." is denied. Looking at the error message further... I deduced that my domain and userid were HOSTING/myName. -- myName was my Godaddy login name. HOSTING was unique to the webhosting service of Godaddy. When I used FTP to upload files, I didn't have to include this but ... I figured the error message was giving me the clue I needed.
Looking at the error you are getting above, I would have modified the web.config file as follows:
<identity impersonate="true" userName="HOSTING\2584489" password="password"/>
I am making the assumption that you registered with Godaddy via a numeric userName (or it was given to you). You'll need your real password as well.
-- so that was my thought process then... and thus, my thought process now. I merely inspected the error message I got and guessed that HOSTING was part of the userName element in the web.config file.
Give it a try. I hope it works. btw - None of this is Godaddy specific. Impersonation is a .Net feature allowing you run the ASPNet worker process under an account of your choosing.
Marie123
Member
6 Points
3 Posts
Re: Basic File I/O using Hosting Provider (Godaddy.com) in "Medium Trust' environment.
Jan 04, 2011 12:15 AM|LINK
Thanks for the reply.
1))----------
So thru some echoing from code using WindowsIdentity I was able to see
PHX3\Iusr_2584489 S-1-5-21-3564280981-3663139379-3503723830-912259
So I went on more guess work, none of my attempts (many) with web.config have worked
<identity impersonate="true" userName="HOSTING\ftpname" password="ftppass"/>
<identity impersonate="true" userName="HOSTING\2584489" password="ftppass or mainaccountpass"/>
<identity impersonate="true" userName="HOSTING\original_user_number" password="ftppass or mainaccountpass"/>
<identity impersonate="true" userName="PHX3\Iusr_2584489" password="ftppass or mainaccountpass"/>
<identity impersonate="true" userName="PHX3\AdminUserName" password="pass"/>
<identity impersonate="true" userName="AdminUserName" password="pass"/>
I always seem to get the same garbage back somthing like this:
2))----------
So I have given up on web.config for now and I'm using vanilla version again. Now trying with code base Authentication (see sample code at Impersonating by username and password - Damir Dobric Posts - developers.de) which works when I use Authenticate("AdminUserName", "pass");
While this code approach seems to be working I have the following observations:
a) when I comment out the call Authenticate(,) its effect seems to hang around even if I exit VS2010. However if I clear the IE cache the code fails (?weird? I really use FFox). So I need to look closer at how the LogonUser token/handle needs to be released apparently the sample in the post is not carefully coded. Actually, I don't understand all this Chinese :) I wish it was a lot more straightforward than all this pain.
b) I now think the WCF DLL/process on the server (with the valid credentials still logged on) hangs around so when another instance of the client runs it may either succeed or fail, eventhough the service code on the server has not changed between sessions/runs. I think I've seen it fail from an instance of the client on another computer probabling instanciating a different thread of the service which probably fails because there a sibling still hanging around. I am just thinking loud in writing :)
I wish there was an easier class eg. Logon.LogUser() which remains in effect then a call to some Logon.LogOut() releases whatever needs to be cleaned out (token/handles oh whatever). I am somehow hesitating to include all my XML access inside the Authenticate(,) method after API LogonUser() succeeds. But not clear on how to implement such a LogUser() and LogOut() global methods.
c) the original configured folder clientbin\data\some.xml now returns "500 (internal Server) error" in the browser instead of prompting with the "Authentication Required" dialog. So I have configured an additional clientbin\data2\some.xml with data2 only accessible by apps and which prompt for authentication when accessed via the browser URL. Note: both folder are accessed fine using the code Authenticate(,) routine.
3)----------
Finally, I am still interested in getting the web.config to work as I don't understand why it is not working. Perhaps my class and/or methods are decorated the wrong way for web.config to work with <identity.....> . Please feel free to strip/modify all this .NET gibberish :)
[ServiceContract(Namespace = "")]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
public class TEST2 // : IWCF1
{
}
When I search on this topic most of the posts are telling the poster to relax the folder access rights, this is not my goal. Also when I see "impersonate" it throws me off perhaps this "impersonation" terminology also applies to server code needing access to its "local" files on the same server.
Bottom line I am not trying to pass the credentials of the client, here a Silverlight OOB application, to the Server SVC code but rather except the server service code to have exclusive access rights to these files/folder. Am I approaching this goal the right way :) ?
What is the difference betwee filezilla chmod on files/folder versus using Godaddy's filemanager (perhaps the later is doing some IIS magic? or is it really at the hosting OS ("windows grid") filesystem level?)
Thanks for all your help.
asp. net Silverlight net 4.0 WCF access to file authentication authorization impersonate