[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Security Exception trying to ftp a file

Posted on 2009-05-18
15
Medium Priority
?
235 Views
Last Modified: 2012-05-07
I need some assistance.

Please to the following URL:

http://www.notlwonks.com/boomerang

and try to upload an Excel file ( .XLS ), or I suppose any file will do.


If you get a Security Exception -- that is what I need help with.  

Here is my FTP code (see snippet):
public bool UploadFile(FileInfo oFile)
    {
      FtpWebRequest ftpRequest;
      FtpWebResponse ftpResponse;
            
      try
      {
        //Settings required to establish a connection with
        //the server
        ftpRequest = (FtpWebRequest)FtpWebRequest.
           Create(oFile.Name);
        ftpRequest.Method = WebRequestMethods.Ftp.UploadFile;
        ftpRequest.Proxy = null;
        ftpRequest.UseBinary = true;
        ftpRequest.Credentials =
           new NetworkCredential("notlwonks", "<you wish>");
        ftpRequest.KeepAlive = true;
        ftpRequest.EnableSsl = false;
        // Validate the server certificate with
        // ServerCertificateValidationCallBack
        //if (UseSSL) ServicePointManager.
        //   ServerCertificateValidationCallback = new
        //      RemoteCertificateValidationCallback
        //      (ValidateServerCertificate);
 
        //Selection of file to be uploaded
        byte[] fileContents = new byte[oFile.Length];
 
        //will destroy the object immediately after being used
        using (FileStream fr = oFile.OpenRead())
        {
          fr.Read(fileContents, 0,
          Convert.ToInt32(oFile.Length));
        }
        using (Stream writer = ftpRequest.GetRequestStream())
        {
          writer.Write(fileContents, 0, fileContents.Length);
        }
        //Gets the FtpWebResponse of the uploading operation
        ftpResponse = (FtpWebResponse)ftpRequest.GetResponse();
        //Display response
        //Response.Write(ftpResponse.StatusDescription);
 
        ftpResponse.Close();
        ftpRequest = null;
 
        return true;
      }
      catch (WebException webex)
      {
        return false;
        //this.Message = webex.ToString();
      }
    }

Open in new window

0
Comment
Question by:Tom Knowlton
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 6
15 Comments
 
LVL 7

Expert Comment

by:ajolly
ID: 24418369
where does this file get uploaded.
I mean .. have you checked the write permission to the folder where the uploaded file is being written.

I am not very clear with the code, where the file is being uploaded.
0
 
LVL 5

Author Comment

by:Tom Knowlton
ID: 24423872
The folder is located at:

http://www.notlwonks.com/boomerang

I am providing the FTP object with the same login credentials as I use with my FTP client ... so in my mind it should be working.  I am not sure why security is an issue, to be honest, because I should be authenticating.  
0
 
LVL 7

Expert Comment

by:ajolly
ID: 24424089
no.. when you use asp.net , you need to provide the write permissions to Network Service account, ASP.Net account, IUSR_<MachineName> account.

To verify, you can set the full permission for all users, and then try uploading.
If it works, that means you need to provide the correct permissions.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 5

Author Comment

by:Tom Knowlton
ID: 24424259
>>>>To verify, you can set the full permission for all users, and then try uploading.

-----------


How do I do this?
0
 
LVL 5

Author Comment

by:Tom Knowlton
ID: 24424635
I went in and set all the permissions to write / read for ROOT and then I INHERITED all permissions.

It still does not work.

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
0
 
LVL 7

Expert Comment

by:ajolly
ID: 24427919
Exceptions from the System.Security.Permissions namespace are thrown when code access policies are not met.
To configure a policy you can use "Admin Tools" -> ".Net Framework v?.? Configuration" or caspol.exe.

You will probably need to create a new Permissin Set (duplicate existing is simpler) and add File IO permission and assign this to the appropriate Code Group.

Check out http://msdn.microsoft.com/en-us/library/930b76w0.aspx for more info.
0
 
LVL 5

Author Comment

by:Tom Knowlton
ID: 24427992
ajolly:

Can you give me more clear instructions?  I am not familiar with the process you are describing.

Tom
0
 
LVL 5

Author Comment

by:Tom Knowlton
ID: 24427995
You do understand that I am talking about a hosted website, right?
0
 
LVL 7

Expert Comment

by:ajolly
ID: 24428072
Sorry, i didn't mind if you ever mentioned about Hosted Website.

In case of Hosted Website, If it is a shared hosting, you will not do anything, in fact they will never allow you to do this. The only thing you can do is to ask your hosting provider to set proper rights for read/write.

I am just thinking, if it is a hosted environment, how did you check if all the permissions are set, which I asked you to check in previous posts !!!

Usually the good hosting providers have the experts to understand the .net framework, and they know how to give trust to an application for IO operations.

The best I can tell you is that it is the issue with permissions.
0
 
LVL 5

Author Comment

by:Tom Knowlton
ID: 24434239
ajolly:

I guess the think I don't understand is this:

If I can already connect using filezilla ( an FTP client ) -- then why can't I do the SAME THING in my C# code behind?
0
 
LVL 7

Accepted Solution

by:
ajolly earned 2000 total points
ID: 24437337
FTP client and the server side code works in a different way.

It is something like there is some code you have put on the server, and this code is trying to do whatever the code wants. In hosted environment, the code access security becomes vital, because your code is on server and you can do whatever you want if your code is not controlled by security permissions.

In case of FTP Client, it runs the code in your local machine, and needs only write permission to the folder.
0
 
LVL 5

Author Comment

by:Tom Knowlton
ID: 24437554
>>>and needs only write permission to the folder.

there's no way for me to do this using FtpRequest -- even though I can authenticate!!!????


This just seems odd to me.
0
 
LVL 5

Author Closing Comment

by:Tom Knowlton
ID: 31582853
I'll give you the points NOW -- but I would like to continue to discuss this as long as you have patience to do so.  :)   Many thanks!
0
 
LVL 7

Expert Comment

by:ajolly
ID: 24438728
no .. its not odd.

asp.net code has the capabilities... to do massive on server.
as it runs on the server, the code can access any directory and delete the contents or modify the registry settings.

and to control this, the hosting environment, controls is via the security model.

I will try to find some more information about the new classes added in .net framework 3.5 for the hosting environment permissions, and update you in some time.

thanks for the points.
0
 
LVL 5

Author Comment

by:Tom Knowlton
ID: 24438981
Thanks, ajolly.

Tom
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lots of people ask this question on how to extend the “MembershipProvider” to make use of custom authentication like using existing database or make use of some other way of authentication. Many blogs show you how to extend the membership provider c…
Introduction This article shows how to use the open source plupload control to upload multiple images. The images are resized on the client side before uploading and the upload is done in chunks. Background I had to provide a way for user…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question