Give access to non virtual folder through configuration entry? ERROR: <location> path attribute must be a relative virtual path. It cannot contain any of '?' ':' '\' '*' '"' '<' '>' or '|'.

I have a webpage running under a virtual directory that is mapped to d:/webapplication that produces an excel spreadsheet, the page calls a library object that generates a report and places it in a folder d:/attachments. This folder is not in the virtual directory. When I access the webpage i click a button and it attemps to return the created spreadsheet as a mim content type application/vnd.ms-excel.

However i getting redirected back to the login page of the application. Ive also noticed that the excel spreadsheet has not even been created at this location. So assuming this was an authoriseation problem (i.e. I was not authorised to get access to the d:/attachments folder from the web client) I added the following to the web.config at the end.

<location path="d:/attachments">
  <system.web>
   <authorization>
    <allow users="?"/>
   </authorization>
  </system.web>
 </location>

However I get the following error

 <location> path attribute must be a relative virtual path.  It cannot contain any of '?' ':' '\' '*' '"' '<' '>' or '|'.

Is this accurate? Can I only give access for the web application process to folders in a virtual directory? I have granted access rights to everyone to this folder (just because I was too lazy to find the actual user accout that the website is operating under) and I can still not get access.

 I guess the brunt of the question is: Is there a way to grant access to a file from a web application that if that file is not in a virtual directory?

Or is there something I am missing. Any help would be much appreciated.

Regards,

Pete


Peter Heard
0
peter_heard01
1/29/2009 4:53:44 PM
asp.net.security 27051 articles. 1 followers. Follow

3 Replies
2575 Views

Similar Articles

[PageSpeed] 42

 Hi,Pete

 

peter_heard01:
So assuming this was an authoriseation problem

 It is not an Authorization problem. and even if it is a problem of Authroization, the code should be like this :

<location path="attachments"><!--path attribute must be a relative virtual path. -->
  <system.web>
   <authorization>
    <allow users="?"/>
   </authorization>
  </system.web>
 </location>

 

peter_heard01:
 I guess the brunt of the question is: Is there a way to grant access to a file from a web application that if that file is not in a virtual directory?

According to your description, I think it is the problem, ASP.NET app runs under Network Service account by default(without impersonation).Network Service Account do not have the write permission to folder expect the "App_Data" folder.Therefore, what you need to do is grant Network Service Account write permission to the attachments folder whatever it is or not in the virtual directory.

To grant Network Service Account write permission, following these steps:

    1. Right click the folder, choose Properties, click security tab.

    2. Click "Add" button in the "Group or user name" section.

    3. Type in"Network Service " and click "Check Names" button. Click "OK".

    4. Under "Permissions to NETWORD SERVICE" select write allow check box.

If there is anything not clear, please post here, and let me know the result.

Regards

Andrew Zhu


Andrew Zhu
Microsoft online ASP.NET support
Please remember to click “Mark as Answer” on the post that helps you. This can be beneficial to other community members reading the thread.
0
Andrew
2/3/2009 12:54:25 AM

peter_heard01:

However I get the following error

 <location> path attribute must be a relative virtual path.  It cannot contain any of '?' ':' '\' '*' '"' '<' '>' or '|'.

Is this accurate? Can I only give access for the web application process to folders in a virtual directory?

 

Peter as you guessed, you can only reference to the virtual paths using the location tag.

Now to get to your actual issue, what error are you getting when you are saving the file into that d:/attachments folder

If you are running your application in IIS 5.0, then you need to give ASPNET user, the write permissions to that folder

If its IIS 6.0, its the NETWORK SERVICE.


Kumar Reddi
0
Kumar
2/3/2009 2:46:48 AM
Yeah after messing around with this still not possible to give access in this way. I opened to 'everyone' and it didnt work.  Seems Asp.net will only serve files out to the web that are configured in IIS. The asp.net worker process can still read and write to a file but will not serve to external requests....im pretty sure you have to stick it in a web directory now unless you could copy it locally first maybe i didnt try that....
Peter Heard
0
peter_heard01
2/12/2009 10:09:47 PM
Reply:

Similar Artilces:

''''''''''''''''''''
Name: haznen Email: haznenatyahoodotcom Product: Gran Paradiso Alpha 8 Summary: '''''''''''''''''''' Comments: '''''''''''''''''''''''''''''''''''' Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20061204 UGES/1.7.2.0 GranParadiso/3.0a1 From URL: http://www.mozilla.org/projects/granparadiso/ Note to readers: Hendrix gives...

'''''
Name: mario Email: ramar17atfastwebnetdotit Product: Gran Paradiso Alpha 2 Summary: ''''' Comments: K: Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a2) Gecko/20070206 GranParadiso/3.0a2 ...

'do' won't 'do' if '/'
Greetings to All from Au, Have a NetWare Perl 5.8.4 and wanted to tweak File\Spec\NW.pm to try and standardise on '/' separators. If I run a test script (t/uni/lower.t) with an unmodified NW.pm, it calls t/uni/case.pl, that, in case.pl, (when the path separators are '\'), the $file is '..\lib\unicore\To\Lower.pl' and the following code portion works, with $simple getting a returned table: sub casetest { my ($base, $spec, $func) = @_; my $file = File::Spec->catfile(File::Spec->catdir(File::Spec->updir, "lib", &qu...

'''
Name: L Lachowsky Email: e2brutus_10atyahoodotcom Product: Firefox Summary: ''' Comments: why duddn this surprise me... I change default server from IE to Mozilla, and then i get error messages. well, shud I decide to not get on my computer with Mozilla..or shud I risk security breeches with IE....hmmm at least i can get on the internet with IE Browser Details: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this fee...

Cast from type ''''DBNull'''' to type ''''String'''' is not valid.
How do I avoid getting this error: Cast from type ''''DBNull'''' to type ''''String'''' is not valid. I am trying to get values from the database into a form for updating using a Datareader, SQL is set to allow nulls for certain fields as they are not required but the only way I can get the form to display is by adding a space in SQL. Is there another way around this? Check if it is equal to DBNull.Value first and if it is, don't do the cast.Stanley Tan theSpoke Blog Where in the code does it need to go? I am using the following and it's the profile that isn't always requi...

'IN' Clause or 'OR'
Hello, [1]: select * from TABLEA where COL1 IN('value1','value2''valu3'....) [2]:select * from TABLEA where COL1 = 'value1' OR COL1= 'value2' OR COL1='valu3'. TABLEA is a huge table and it has non-clustered index on COL1. Among the above 2 queries, which query will give me the better performance or fast response and WHY? What is the difference between 'IN' and 'OR' clauses as for as Sybase Optimization is concerned. Which is the better one to be used on huge tables. Thanks. Mac An IN list is treated ...

'or' or 'union'
Hello I was just wondering, in general what is better to use, an 'or' clause in a select or a 'union' to join two selects together. Do both statements create work tables? Many thanks Alex I think OR will be better than union. because suppose u have 3 tables and using OR u can join table a and table b and table c so each table will have only one read. but using union you will join table a and table b and in another query of union u will use table (a or b) and table c so ur one read is more in union . Ramdas Alex Cheung wrote: > Hello > >...

'b'..'a'
Hello. I'm using defferent 5.6.0's for Win32. I wonder wheter following behaviour is intentional or not: d:\>perl -e "print 'b'..'c'" bc d:\>perl -e "print 'b'..'a'" bcdefghijklmnopqrstuvwxyz I expected empty list in latter case, like in perl -e "print 'bb'..'a'" <!ENTITY Vadim REALLIFE "Vadim V.Konovalov, St.Petersburg, Russia"> &Vadim; On Wed, Sep 20, 2000 at 03:14:41PM +0400, Konovalov, Vadim wrote: > Hello. > > I'm using defferent 5.6.0'...

DetailsView Converts '<' & '>' to '&lt;' & '&gt;'
I have multi-line textboxes from which the data is stored as a text value in the SQL database. Before the data is passed to the stored procedure, the text is parsed to replace all vbNewLIne and vbLf cases with "<br/>". This is done successfully, storing the text in the database with the "<br/>" tags. When the data is displayed, I want the text data dropped into the page as is; meaning "<br/>" in the database appears as "<br/>" in the source. However, the DetailsView object into which the values are being passed seems to be trans...

'Value' should be between 'minimum' and 'maximum'.
I'm attempting to invoke with parameters:  Dim thing2 As New mydelsubPBStep(AddressOf pbStep) Me.Invoke(thing2, "setMax", dt.Rows.Count)      <---- this is where the error occurs   the delegate looks like this: Private Delegate Sub mydelsubPBStep(ByVal mode As String, ByVal value As Integer)   the function it's calling looks like this:Private Sub pbStep(ByVal mode As String, ByVal value As Integer) Select Case mode.ToLower Case "clear" ProgressBar1.Value = 0 Case "step" ProgressBar1.PerformStep() L...

'To', 'CC', & 'BCC'
Name: Dick Tracy Email: philipdottracyatoptusnetdotcomdotau Product: Thunderbird Summary: 'To', 'CC', & 'BCC' Comments: I have just started using Thunderbird and while I find it quite excellent- I suggest having a button to add addressees to 'BCC' as well. Currently each 'BCC' addressee has to be selected manually. I send e-mail to quite a number of people at a time and I do not wish to readily spread others addresses easily. Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0....

EXEC sp_msforeachtable 'sp_spaceused ''?'''
What does the following SQL code mean?  EXEC sp_msforeachtable 'sp_spaceused ''?'''Johan TheunissenMCPD, MCSE, MCTS BizTalk 2006==============================Please mark the most helpful reply/replies as "Answer". JohanNL:sp_msforeachtable This is the name of the SP that resides in the master database.  This SP executes one or more commands for a table. JohanNL:sp_spaceused This is the command that you want to run for each of the tables residing in your current database.  As you might have understood so far, that this is again a...

error in ''%'' operator
hi... friends    i got this error (Syntax error: Missing operand after ''%'' operator)below statement. dtBtnScr.DefaultView.RowFilter = "LOCATION_CITY'" + txtCity.Text.Trim() + "%'AND LOCATION_STATE '" + ddlState.SelectedValue + "%'AND UNIT_ID'" + txtUnitCode + "%'AND UNIT_NAME '" + txtUnitName.Text.Trim() + "%'";   thnax friends It thinks you are trying to use the modulo operator: %. Look at the RowFilter string after you build it ...you should see the prob...

The type '<class>' exists in both '<dll location>' and '<dll location 2>'
For some reason though it appears that one of my class files (_common.cs - in the App_Code directory) is being included in the WAP .dll file as well as when it compiles the App_Code at runtime.error CS0433: The type 'inlinehockey._common' exists in both 'c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\25321638\9b5c4b00\assembly\dl3\3657f4e6\cd91aef5_4d5cc601\inlinehockey.DLL' and 'c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\25321638\9b5c4b00\App_Code.xad_ajc1.dll'  The error was not knowing what dll to use for the type w...

Web resources about - Give access to non virtual folder through configuration entry? ERROR: <location> path attribute must be a relative virtual path. It cannot contain any of '?' ':' '\' '*' '"' '<' '>' or '|'. - asp.net.security

Resources last updated: 11/29/2015 7:16:56 PM