ASP.NET ascx control hosted in Sharepoint gets System.UnauthorizedAccessException when trying to save file

1
votes

We have an ascx custom control (not a web part) hosted in a special Sharepoint page. This page allows users to upload files to our server. Unfortunately permission issues are preventing Sharepoint from saving files to the network location.

The network account attributed to the application pool for the Sharepoint 2007 based site has "modify" and "read" access granted to the location.

We've logged in to a different machine using the credentials used by the application pool account and can create directories and files without any issue at the specified network location.

Is it possible Sharepoint is trying to use some other account to save these files rather than the one set on it's Application Pool in IIS7?

The error we're getting:

Message: Access to the path '\opal\gwl\pictures\L36' is denied.

Stack Trace: at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.Directory.InternalCreateDirectory(String fullPath, String path, DirectorySecurity dirSecurity) at System.IO.Directory.CreateDirectory(String path, DirectorySecurity directorySecurity) at ECan.SharePoint.Web.Applications.MyECan_WaterMeterFormDatalogger.SavePhotos()

Exception Type: System.UnauthorizedAccessException

User: System Account

The code for the SavePhotos function in the ascx code behind file:

protected void SavePhotos()
{
    string wellNo = WellNo.Value;
    string epoWaterMeterID = EPO_WaterMeterID.Value;
    string dirRoot = ConfigurationManager.AppSettings["PhotoDir"];
    string map = wellNo.Substring(0, wellNo.IndexOf('/'));

    int photoSaveCount = 1;
    foreach (string filePath in Request.Files)
    {
        HttpPostedFile file = (HttpPostedFile)Request.Files[filePath];
        if (file.InputStream.Length > 0)
        {
            try
            {
                // Create dir if does not exist
                string dir = dirRoot + map;
                if (!Directory.Exists(dir)) Directory.CreateDirectory(dir);

                // Save file
                file.SaveAs(dir + @"\" + wellNo.Replace('/', '_') + "-" + epoWaterMeterID.ToString() + "-" + photoSaveCount.ToString() + ".jpg");

                photoSaveCount++;
            }
            catch (Exception ex)
            {
                Logger.Write(ex);
            }
        }
    }
}

Anyone have any ideas what the issue might be?

2
c#sharepointpermissionssharepoint-2007ascx

2 Answers

1
votes

I think you have to call the SavePhotos with elevated privildges. Running the code with elevated priviledges will executes the specified method with Full Control rights even if the user does not otherwise have Full Control.

See link:

http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spsecurity.runwithelevatedprivileges(v=office.12).aspx

Please try the below code:

protected void Button1_Click(object sender, EventArgs e)
{
   SPSecurity.CodeToRunElevated elevatedGetSitesAndGroups = new SPSecurity.CodeToRunElevated(SavePhotos);
   SPSecurity.RunWithElevatedPrivileges(elevatedGetSitesAndGroups);
}
0
votes

Have you tried to set the permission of the newly created directory or folder? You can do so by using the DirectorySecurity class within the System.Security.AccessControl Namespace, and specifically the SetAccessControl Method of that class.