Solved

DLL update causes FileIOPermission Error

Posted on 2011-02-18
19
845 Views
Last Modified: 2012-05-11
I've an ASP.NET 3.5 app running for six months or so using the IONIC.ZIP.DLL (added by Right-clicking App, Add Reference and pointing to the DLL.

When I execute the attached code I get the following error:

Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

In the config I have:

            <authentication mode="Windows"/>
            <identity impersonate="true" userName="TestDomain\TestUser" password="TestPassword"/>

Again, this has been running for the last 6 months w/o problems.  I did, however, recently update the DLL to a newer version.  I was running v1.7.2.12 and now have 1.9.  I'm guessing this is what started the problem.

This works perfectly fine from my local PC, but when deployed onto my server is when I receive the error.
Dim sFilename As String = "\\SERVER1\PAPERS\ZIPTEST\test.zip"

		If Not File.Exists(sFilename) Then
			lblError.Text += "FILE NOT FOUND : " & sFilename
			Exit Sub
		End If

		Try
			Dim oZip As ZipFile = ZipFile.Read(sFilename)

			Try
				lblError.Text += oZip.Entries.Count.ToString
			Catch ex As Exception
				lblError.Text += "EX3: " & ex.Message & "<br><br>"
			End Try

			Try
				oZip.ExtractAll("\\VENUS\PAPERS\ZIPTEST\", ExtractExistingFileAction.OverwriteSilently)
			Catch ex As Exception
				lblError.Text += "EX2: " & ex.Message & "<br><br>"
			End Try

			oZip.Dispose()
		Catch ex As Exception
			lblError.Text += "EX1: " & ex.Message & "<br><br>"
		End Try

		lblError.Text += "DONE! " & Now.ToString("MM/dd/yy HH:mm:ss")

Open in new window

0
Comment
Question by:MarkWThompson
  • 11
  • 8
19 Comments
 
LVL 14

Expert Comment

by:quizwedge
Comment Utility
If you switch back to v1.7.2.12, does it start working again?

Can you do MsgBox alerts or something similar to find out which line it is throwing an error on?
0
 

Author Comment

by:MarkWThompson
Comment Utility
Unfortunately, no.  So I must have done someone else, but I have no idea what it could have been.
0
 

Author Comment

by:MarkWThompson
Comment Utility
The line that gives the exception is:

Dim oZip As ZipFile = ZipFile.Read(sFilename)

So where it tries to access the file.  File.Exists("Filename") works just fine, however.  
0
 
LVL 14

Expert Comment

by:quizwedge
Comment Utility
Have you checked to make sure that the file permissions are correct? I can't remember if the Internet Guest Acccount, the ASP.NET account or both need permission to the file. Give that the file is on a different computer, the logins and passwords would have to be the same.

Also, can you try the code below and see if it works? If it does, I'm sure it'll just spit out nonsense, I'm just trying to test if it's an issue with accessing the file or with IONIC.ZIP.DLL.

Dim curFileInfo As New FileInfo(sFilename)
Dim curStreamReader As StreamReader = curFileInfo.OpenText()
Response.Write(curStreamReader.ReadToEnd)

Open in new window

0
 

Author Comment

by:MarkWThompson
Comment Utility
quizwedge:  When I run your code it acts as if I want to download the file.  So I'm assuming this is because it IS actually able to access the file.
0
 
LVL 14

Expert Comment

by:quizwedge
Comment Utility
It seems to me that the issue is something to do with IONIC.ZIP.DLL. I haven't used it, but I found the following question posted (http://dotnetzip.codeplex.com/discussions/82867?ProjectName=dotnetzip) which discussed giving Ionic full trust using CASPOL. You can see more about CASPOL at http://msdn.microsoft.com/en-us/library/cb6t8dtz(v=vs.80).aspx
0
 

Author Comment

by:MarkWThompson
Comment Utility
Quizwedge:  I'm poking around exactly how to give fulltrust to the dll via Caspol.

Until I do, however, I'm still inclined to think that this is not the problem as it was running fine just a few days ago (and still works fine from my local PC).

I'm bettng I changed something on the Server in IIS which has screwed this all up, but have yet to figure out what :-(
0
 
LVL 14

Expert Comment

by:quizwedge
Comment Utility
One option would be to try writing and reading a file to the same directory. That would confirm for sure that ASP.NET had the permissions it needed. At that point it'd be pretty conclusive that it was something to do with IONIC even if it was something to do with IIS and permissions for IONIC.

You may want to add a tag and/or zone for IIS to see if you can pull in any IIS experts that have experience in this area.
0
 

Author Comment

by:MarkWThompson
Comment Utility
I wrote the following code and it execute just fine.  It must have something particular to do with the IONIC dll and IIS (of course, I'm still guessing).



Dim sFilename As String = ""

		sFilename = "\\VENUS\PAPERS\ZIPTEST\" & Format(Now, "yyyy-MM-dd HH-mm-ss-ff") & " - " & Environment.MachineName.ToUpper & ".txt"

		Try
			If IO.Directory.Exists("\\VENUS\PAPERS\ZIPTEST") Then
				Dim oW As New IO.StreamWriter(sFilename)
				oW.WriteLine("FROM: " & asFrom)
				oW.WriteLine("TO: " & asTo)
				oW.WriteLine("SUBJECT: " & asSubject)
				oW.WriteLine("BODY: " & asBody)
				oW.Close()
			End If
		Catch ex As Exception
			'** CRAP **
		End Try
	End Sub

Open in new window

0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 14

Expert Comment

by:quizwedge
Comment Utility
I thought of one more test I thought of to confirm that it's something in IIS that needs to be fixed. Build a regular Windows VB.NET app that uses IONIC and run it on the server. If It can do the zipping and unzipping from the remote directory, then it seems pretty conclusive that it's something with IONIC in IIS.

I'm guessing you're on the right track that the answer lies in IIS. I found someone who had a similar issue (which came down to IIS not trusting IONIC) and built a workaround: http://stackoverflow.com/questions/4432370/why-cant-my-aspx-pages-access-directories-on-the-webserver-iteself Seems to me the better solution would be to have IIS trust IONIC. I think to do that, you use Caspol, but I'm not positive. If Caspol doesn't work, I'd have to rely on Google.
0
 

Author Comment

by:MarkWThompson
Comment Utility
Yes, I do have another .NET application that uses the IONIC dll.  It works fine.  It's just the ASP.NET app that's failing.

Since Caspol is not on the server, running this only affects my local dev machine, right?
0
 
LVL 14

Accepted Solution

by:
quizwedge earned 250 total points
Comment Utility
I'll start off my response by saying that I've never used Caspol and not sure if I've even heard of it prior to looking into things for this question.

My understanding is that if you run Caspol on your computer, it will only affect your computer. You would need to run it on the server for it to work on the server.

I did find a GUI front-end for Caspol at http://brandonpotter.wordpress.com/2010/01/23/code-access-security-policy-caspol-exe-gui-utility/ that may help. I haven't tested it or even virus scanned it, just something I found.

Specific information on using Caspol to give full trust to an assembly can be found at http://vspug.com/ssa/2007/09/06/using-caspol-exe-to-add-assemblies-to-full-trust-assembly-list/

That being said, I found a blog post that looks like Caspol only needs to be run in the IONIC dll is on the network share. If the dll isn't on the share, then it shouldn't matter where you're reading and writing the zip to. See http://social.technet.microsoft.com/Forums/en/winserverpowershell/thread/dd5dcae2-1ccc-4be2-b986-61c069102ffb

I did find one other idea. It may be that the DLL is blocked. View the properties of the dll on the server. At the bottom of the General tab may be an "Unblock" button. I found out about this at http://geekotron.net/blogs/view_post.php?content_id=80 but tried to summarize what they said due to "bleeped out" language.

One other test I thought of was to have your ASP.NET app try reading and writing using the IONIC dll to the local hard drive. Not sure what the next step would be if it did or didn't work, but it'd narrow down the problem one more step.
0
 

Author Comment

by:MarkWThompson
Comment Utility
I found something referencing the "blocked" status that can be "unblocked" a while back.  I went to the server via File Explorer, Right Click, Properties and "Unblocked" it.  *Sigh*  Not it.

I also tried reading the Zip file from the local machine -- that didn't work either.  So it's not the file or the location that it's accessing -- it's just that IONIC is trying to do anythign to files that is the problem.

I'll research the CASPOL (via the server) and see what I can figure out.  I don't want to have to install something on the server to test the CASPOL theory -- as we both know it was working at some point without CASPOL being in the equation.  I only wish I know what has/I changed.
0
 
LVL 14

Expert Comment

by:quizwedge
Comment Utility
The one reason why I still think CASPOL might offer a solution is because you would have uninstalled and reinstalled DotNetZip on the server. That should have removed any permissions it had.

One other thought is that you may need to reboot IIS and/or the server for the unblocking to take effect.
0
 

Author Comment

by:MarkWThompson
Comment Utility
Good idea. I have not revolted the server since I've unlocked it. I'll try that tonight. In addition, I'll create a com dll that does nothing more than create a file on a share and run that from the web server. If it fails I know for sure it's not just an IONIC dll problem and definitely a dll permission problem (I'm pretty sure it is the latter, but I'll try it just to make sure).

For just a brief second I thought it might be a 64 bit vs 32 bit issue -- but both server and dev machine are running 64 bit.  
0
 

Author Comment

by:MarkWThompson
Comment Utility
I created a dll that had two simple methods.  One to write a test file, and another that referenced IONIC and tried the same code in the web page.  The First method succeeded and the 2nd method gave me the exact same error that the second one did.

There must be something very specific about the IONIC dll that IIS doesn't like?
0
 

Author Comment

by:MarkWThompson
Comment Utility
Finally, it's working.  I didn't reboot the server, just restarted the IIS services.  And whatever above, below and everything else that was tried seemed to have done the trick.  I know I had rebooted the server at one point, but not since the "Unblock" on the DLL.  So, I'm going to say (and hope) that it was that process which did the trick.

Thank you for your patience and ideas.
0
 

Author Closing Comment

by:MarkWThompson
Comment Utility
To be specific, it was the "Unblock" that I believe did the trick.
0
 
LVL 14

Expert Comment

by:quizwedge
Comment Utility
That's great! Glad it's working now.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

User art_snob (http://www.experts-exchange.com/M_6114203.html) encountered strange behavior of Android Web browser on his Mobile Web site. It took a while to find the true cause. It happens so, that the Android Web browser (at least up to OS ver. 2.…
Today I had a very interesting conundrum that had to get solved quickly. Needless to say, it wasn't resolved quickly because when we needed it we were very rushed, but as soon as the conference call was over and I took a step back I saw the correct …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now