Solved

Windows Service FileSystemWatcher access problems

Posted on 2007-04-10
8
1,533 Views
Last Modified: 2013-11-07
objective: To have a windows service running on a windows 2003 server (server 1) that listens for file changes and mirrors these changes onto server 2.

current implementation:

private const string SERVER_TWO = "\\\\server\\share$\\";

private void fileSystemWatcher1_Created(object sender, System.IO.FileSystemEventArgs e)
        {
            System.Threading.Thread.Sleep(5000);
            try
            {
                string outFile = SERVER_TWO + e.Name;
                if (System.IO.File.Exists(outFile))
                    System.IO.File.Delete(outFile);
                System.IO.File.Copy(e.FullPath, outFile);
            }
            catch (Exception ex)
            {
                //writes exception to file
            }
        }

implementation: I install this windows service just fine.  I have tried running it under the local system, which didn't work obviously.  However, I have also tried running it under my account which has full access to the entire network and still no success.

error: System.UnauthorizedAccessException: Access to the path '\\server\share$\subdir\test.txt' is denied.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean overwrite)
   at WebServerSynch.ServiceMain.fileSystemWatcher1_Created(Object sender, FileSystemEventArgs e)

I have searched for this and the solution always seems to be that the account the web service is running under lacks permissions.  In this case, that just isn't true.  Any suggestions?
0
Comment
Question by:okerupt
  • 3
  • 3
  • 2
8 Comments
 
LVL 3

Expert Comment

by:JipFromParis
ID: 18883088
I would suggest running with your own account for test purpose, then once fixed, trying to move to NETWORK SERVICE account which is the prefered account for such a service (local system is far to powerful for that). Now let's assume you are running with your own account.
Connect on SERVER_TWO computer and check that you have write access to both the share itself AND the underlying directory. In order to perform the check start the Administrative Tools / Computer Mangement program. Select the System Tools / Shared Folders / Shares tree node on the left. In the right pane, tight click the target share and check last two panes (Share Permissions AND Security). You should have write access on both.
Another easy interactive way to perform the test is to map the share in Windows Explorer (Tools / Map network drive menu item) then to try to drag an drop a file in the newly mapped share. If the drop succeed, you might assume you have correct permissions.

Can you proceed please and acknowledge your results.
0
 
LVL 5

Expert Comment

by:Yttribium
ID: 18883122
When I tested it on my network, I wrote a quick demo;

System.IO.File.Copy(@"C:\test.bmp",@"\\10.0.0.6\c$\test.bmp");

And it worked without a problem... can you access this "directory" as you wrote it \\server\share$\subdir\, via explorer for instance?  If so, then I'm curious what account your service is running under.
0
 

Author Comment

by:okerupt
ID: 18883184
I have tried running it under the local system account, which didn't work obviously.  However, I have also tried running it under my account which has full access to the entire network and still no success.

Also, yes I can access this \\server\share$\subdirectory just fine in windows explorer with my user account.  I ran the same code as a windows program and it worked fine so something is very strange here.
0
 

Author Comment

by:okerupt
ID: 18883191
Also, I add files to these server shares from my local computer all the time so my account having access is pretty much unquestionable.
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 
LVL 5

Expert Comment

by:Yttribium
ID: 18883202
Does the release compiled version have this problem?  Or while you're debugging?
0
 

Author Comment

by:okerupt
ID: 18883232
This is the released version.  Also, I am not aware of how to debug a windows service using the visual studio 2005 IDE.  When I try, it gives me the "has to be installed using installutil" error.  
0
 
LVL 5

Accepted Solution

by:
Yttribium earned 250 total points
ID: 18883292
When you run "Lusrmgr.msc", what are the permissions under the IUSR_Computername account etc?
0
 
LVL 3

Assisted Solution

by:JipFromParis
JipFromParis earned 250 total points
ID: 18883560
WARNING : The configuration settings given below are powerful. It is discouraged to apply them on a production server "as is" without previous review by a specialist.

Now that we have cleared the basic access checks, we must fall back to the infamous .Net CAS (Code Access Security) which is a potential nightmare. These permissions are manageable from the ".Net Framework 2.0 Configuration" program to be found in the Start / Administrative Tools menu. Once there, you should go to My Computer / Runtime Security Policy / Machine / Code Groups / All_Code and expand it. Right click and create new group. On first panel giving it a meaningfull name and select Next. On the second panel, choose a URL condition type. An edit box will appear below in which you should type :

file://\\server2-name\share-name\*

where you will replace both the server name and the share name with appropriate names. On third and last pane, choose the "Full Trust" permission set then acknowledge and confirm. Now, try again to run your service. Hope this will resolve the problem. If so, you should dive into CAS configuration and devise a more restrictive policy than full trust then modify the code group you created and downgrade the trust level.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article is for Object-Oriented Programming (OOP) beginners. An Interface contains declarations of events, indexers, methods and/or properties. Any class which implements the Interface should provide the concrete implementation for each Inter…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now