Handling access to path x is denied - overriding directorylister?

5 posts, 0 answers
  1. James
    James avatar
    70 posts
    Member since:
    Jun 2009

    Posted 21 May 2010 Link to this post

    Hi, we have a scenario as follows:

    We are using impersonation to send the windows credentials of the logged in user (NOT ASP user) to the file system.

    The token is checked and the appropriate folders are displayed for that user.

    The root folder is set to allow all users to view the contents of THIS FOLDER ONLY. Permissions are then set via NTFS per folder under the root folder.

    SO EVERYONE CAN SEE THE LIST OF FOLDER UNDER THE ROOT FOLDER.

    If we have 3 folders under the root folder, I want to list these 3 folders for the user. If they then try to navigate to one of the sub folders, the user’s NTFS permissions are  used to determine if they can enter the folder, and if so, if they can read/write, etc in that folder.

     

    This all works with the radfileexplorer EXCEPT that if a user does not have read or write permissions to one of the sub folders the control first triggers a windows challenge response, then you get an access to path “x” is denied error.

    This behaviour is fine, as long as I can TRAP and handle this. I assume I need to override either the  
    FileSystemContentProvider.ResolveRootDirectoryAsTree function or
    DirectoryLister.GetDirectory function.

     

    I assume the problem is that the file explorer control is reading the root folder, then trying to read the contents of the sub folders in the root. As the user does not have any permissions to this folder, this causes the problem.

    The only change I want to make is that it either doesn’t attempt to read sub folders when creating the root (I assume this is done in resolverootdirectoryastree).

    If the user then tried to access a folder that they do not have access to, I would like to be able to handle this as well.

    I have a much simpler page which has this functionality. When I list the files and fodlers in a direcotyr I simply encapsulate it in a try and catch – this allows me to handle the access is denied error:

     

    Try

                Dim arrFiles As New ArrayList

                arrFiles.AddRange(myDir.GetFiles)

     

                Dim arrFolders As New ArrayList

                arrFolders.AddRange(myDir.GetDirectories)

            Catch ex As Exception

                Literal1.Text = ("<script language=""javascript"">alert('Error reading path: " & myDir.FullName.Replace(lblRootPath.Text, "[Root Folder]\").Replace("\", "\\") & "\n\n" & ex.Message.Replace(lblRootPath.Text, "[Root Folder]\").Replace("\", "\\").Replace("'", "\'") & "');</script>")

     

            End Try

     

    The trace for the error is below:

    UnauthorizedAccessException: Access to the path 'C:\denzien_docs\james cannot get in here' is denied.]

       System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) +2001955

       System.IO.Directory.InternalGetFileDirectoryNames(String path, String userPathOriginal, String searchPattern, Boolean includeFiles, Boolean includeDirs, SearchOption searchOption) +1817

       System.IO.DirectoryInfo.GetDirectories(String searchPattern, SearchOption searchOption) +57

       System.IO.DirectoryInfo.GetDirectories() +11

       Telerik.Web.UI.Widgets.DirectoryLister.GetDirectories(DirectoryInfo directory, String parentPath) +24

       Telerik.Web.UI.Widgets.DirectoryLister.GetDirectory(DirectoryInfo dir, String virtualName, String location, String fullPath, String tag) +150

       Telerik.Web.UI.Widgets.FileSystemContentProvider.ResolveRootDirectoryAsTree(String path) +210

       Telerik.Web.UI.RadFileExplorer.HasSubFolders(String virtualPath) +73

       Telerik.Web.UI.RadFileExplorer.PopulateTreeNode(RadTreeNode currNode) +315

       Telerik.Web.UI.RadFileExplorer.BindExplorer() +627

       Telerik.Web.UI.RadFileExplorer.OnLoad(EventArgs e) +166

       System.Web.UI.Control.LoadRecursive() +47

       System.Web.UI.Control.LoadRecursive() +131

       System.Web.UI.Control.LoadRecursive() +131

       System.Web.UI.Control.LoadRecursive() +131

       System.Web.UI.Control.LoadRecursive() +131

       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1436

     

  2. Fiko
    Admin
    Fiko avatar
    1406 posts

    Posted 26 May 2010 Link to this post

    Hi James,

    The scenario that you need to implement is not covered by RadFileExplorer. You can control the folders and files that are shown in RadFileExplorer, but you cannot send messages to the browser (for example, calling JavaScript alert from the server) from the ResolveRootDirectory and ResolveRootDirectory methods. This limitation applies to these method because they are called using CallBack requests. Please note that the performance of the RadFileExplorer control is much better using CallBacks compared to AJAX updates and for the time being we do not plan to change this behavior.

    I hope this is not a big show stopper for you.

    Regards,
    Fiko
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
  3. UI for ASP.NET Ajax is Ready for VS 2017
  4. Paul
    Paul avatar
    6 posts
    Member since:
    Sep 2007

    Posted 27 Oct 2010 Link to this post

    Hello - I have a similar need.  
    However - I do not care about sending messages to the browser.  
    In my scenario, I would use impersonation so that application would be running under the user's permissions.  

    Currently, if the user does not have permissions to a folder or even just a subfolder within a folder of the root of the application, the application fails. with the error that the previous poster used.  

    I would simply perfer to not display the folder and/or files that the user does not have access to.

    Would you happen to have a sample implementation of a FileSystemContentProvider which already works with files that could be modified to do this?

    Thanks!
    Paul
  5. Fiko
    Admin
    Fiko avatar
    1406 posts

    Posted 02 Nov 2010 Link to this post

    Hi Paul,

    In your case you need to override the ResolveRootDirectory and ResolveRootDirectory methods of the  Telerik.Web.UI.Widgets.FileSystemContentProvider class (which is the default provider used in RadFileExplorer) in order to filter the folders that do not have required permissions. You can check the permissions of the folder using the methods provided in the System.IO namespace.

    Sincerely yours,
    Fiko
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  6. Paul
    Paul avatar
    6 posts
    Member since:
    Sep 2007

    Posted 02 Nov 2010 Link to this post

    James,
    Thanks for your reply.   While waiting fora response, I was able leverage the sample provided here..

    http://www.telerik.com/help/aspnet-ajax/radfileexplorer-custom-filebrowsercontentprovider.html

    to do what I needed.  It was probably the hard way to do it, but with some additional error handling and security checking, the results seem pretty good!

    Thanks!
    Paul
Back to Top
UI for ASP.NET Ajax is Ready for VS 2017