This is a migrated thread and some comments may be shown as answers.

Upload Path Question

15 Answers 276 Views
Editor
This is a migrated thread and some comments may be shown as answers.
Erin
Top achievements
Rank 1
Erin asked on 09 Aug 2008, 04:39 PM
Hello, I have a problem with upload paths that I hope someone can answer.  I want to set the upload path of the RadEditor to a different drive (effectively outside of the application's directory).  This doesn't work because (I'm assuming here) I'm running in Medium Trust mode.  Is there a way around this by using virtual directories or something.  Anyone have any suggestions?

15 Answers, 1 is accepted

Sort by
0
Rumen
Telerik team
answered on 11 Aug 2008, 06:17 AM
Hi Erin,

Could you please, try the suggestions provided in the following KB article: Uploading images to the server (upload tab is disabled)? You should create a virtual directory of your web application that has a physical path pointing outside of your web application.

Best regards,
Rumen
the Telerik team

Check out Telerik Trainer, the state of the art learning tool for Telerik products.
0
Erin
Top achievements
Rank 1
answered on 12 Aug 2008, 02:31 AM
Hi Rumen,

Thanks for the response, I figured that's what I need to do but I desperately need your help.  Since I will be using a virtual directory, and that virtual directory is outside of my application path, and my trust level has to be "Medium", how do I create subdirectories in the virtual directory dynamically?

The reason I ask is because every user should have their own subdirectory directory in this virtual directory and this subdirectory should be created during registration (if ~/images is the upload path then i want to dynamically in the aspx.cs file make a subdirectory for user1 in the virtual directory resulting in ~/images/user1).

How do I do this in C# 2.0?  I've looked high and low for an answer to this with no luck.  I would greatly appreciate your help on this.  Thanks...
0
Rumen
Telerik team
answered on 12 Aug 2008, 12:51 PM
Hello Erin,

What you need to do is write code that checks whether such a folder already exists on the server, and create it if it does not. The folder creation is a standard operation that is not related to RadEditor.

Then, when a user is logged and wishes to use the editor, setting the user's folder for this particular logged user is a matter of a single line of code, such as

  RadEditor1.ImageManager.ViewPaths = New String() {"~/Images/" + LOGGEDUSERID }

Thus each user will have access only to his/her folder, and be able to do whatever you let them do, without interfering with other users (and yes, if you have 100 users you will need to create 100 folders).

You can implement a FileSystemContentProvider and override the ResolveRootDirectoryAsTree and  ResolveRootDirectoryAsList functions

    protected void Page_Load(object sender, EventArgs e)
    {
        RadEditor1.ImageManager.ContentProviderTypeName = typeof(myprovider).GetType();
    }
    public class myprovider : Telerik.Web.UI.Widgets.FileSystemContentProvider
    {
        public override Telerik.Web.UI.Widgets.DirectoryItem ResolveRootDirectoryAsTree(string path)
        {
            //code
            return base.ResolveRootDirectoryAsTree(path);
        }
        public override Telerik.Web.UI.Widgets.DirectoryItem[] ResolveRootDirectoryAsList(string path)
        {
            //code
            return base.ResolveRootDirectoryAsList(path);
        }
    }

This will help you to create the directory when the user opens the image manager.


Best regards,
Rumen
the Telerik team

Check out Telerik Trainer, the state of the art learning tool for Telerik products.
0
Erin
Top achievements
Rank 1
answered on 13 Aug 2008, 02:50 AM
Thanks again Rumen,

Creating the folder in the virtual directory has been my problem.  Haven't been able to google a source that has an example.  I know that part is not related to RadEditor but if you happen to know off the top of your head what C# function i need to use would you mind pointing me in the right direction?  If not, thanks for all your help so far...
0
Rumen
Telerik team
answered on 13 Aug 2008, 06:54 AM
Hi Erin,

I found the following forum thread (by searching in Google) which could be helpful for your medium trust scenario:
Trust Level for App_Data folder


Kind regards,
Rumen
the Telerik team

Check out Telerik Trainer, the state of the art learning tool for Telerik products.
0
Erin
Top achievements
Rank 1
answered on 13 Aug 2008, 07:57 AM
Hi Rumen,

Thanks for the link.  I think their suggestion of modifying the medium trust's config file to allow access to the external directory will do the trick so that I can create the directory without going through the virtual directory.  I know this was out of the scope of these forums since it wasn't an issue with Telerik's controls so I appreciate the time you took to help me out.  You are awesome!

0
Erin
Top achievements
Rank 1
answered on 18 Aug 2008, 12:30 AM
Rumen,

So the suggestion in the article you gave helped me make some progress but I'm ultimately still not able to make this work.  After adding the external path to the web_mediumtrust.config file I can now create a directory directly from my code for the user and in the Image Manager, the user can create folders as well (this was not possible before). 

The problem still lies when I try to upload a file I get the following error:

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Request failed.]
            System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed) +218
            System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandle rmh, Object assemblyOrString, SecurityAction action, Boolean throwException) +4426658
            System.Security.PermissionSetTriple.CheckSetDemand(PermissionSet demandSet, PermissionSet& alteredDemandset, RuntimeMethodHandle rmh) +105
            System.Security.PermissionListSet.CheckSetDemand(PermissionSet pset, RuntimeMethodHandle rmh) +71
            System.Security.PermissionListSet.DemandFlagsOrGrantSet(Int32 flags, PermissionSet grantSet) +59
            System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(Int32 permission, PermissionSet targetGrant, CompressedStack securityContext) +185
            System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(Int32 permission, PermissionSet targetGrant) +72
            


If I however change the trust level to 'Full' everything works fine (this isn't an option obviously because this a production application which needs to run in 'Medium').

Is it possible for you guys to reproduce this problem and let me know what you have to do to make this work with Rad Editor?  I'm sure this would be useful for other users who want the images uploaded to a different location.

Here is how I configured everything so that you can reproduce it:

Web application path is c:\WebApplication
Image Path is c:\Images

The identity of my application pool is network service so I gave c:\images read and write access to the network service user

In C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\web_mediumtrust.config I modified the FileIOPermission node to be the following:
<IPermission
                                    class="FileIOPermission"
                                    version="1"
                                    Read="$AppDir$;c:\Images"
                                    Write="$AppDir$;C:\Images"
                                    Append="$AppDir$;C:\Images"
                                    PathDiscovery="$AppDir$;C:\Images"
                            />

I added a virtual directory to my web application project located in c:\webapplication and set the alias name to 'Images' and a physical path of 'c:\Images'

I set
radEditor.ImageManager.UploadPaths = radEditor.ImageManager.DeletePaths = radEditor.ImageManager.ViewPaths = new string[] { "~/Images/" };

Please help, I've spend hours upon hours on this and cannot proceed.  Your help is greatly appreciated
0
Rumen
Telerik team
answered on 19 Aug 2008, 07:51 AM
Hi Erin,

The file browser dialogs of RadEditor use the standard FileInput control for uploading files on the server. The security error is exactly due to the FileUpload control, but unfortunately we are not aware of any workarounds how to fix it.

Our suggestion is to make a test by adding a <asp:FileUpload ID="FileUpload1" runat="server" /> control to a WebForm and trying to upload a file to a virtual directory under Medium trust. We think that you will receive the same error as within the Image manager. If you success to workaround the problem with the ASP.NET FileUpload control then you will be able to workaroud the problem with the editor's managers.

Best regards,
Rumen
the Telerik team

Check out Telerik Trainer, the state of the art learning tool for Telerik products.
0
Erin
Top achievements
Rank 1
answered on 19 Aug 2008, 09:06 AM
Hi Rumen,

This is quite a restrictive problem.  Can you please ask your developers that if the image manager is able to create folders why would the file upload module not be able to save a file?  Surly there must be a way around this.  I can't be the only one who wants to upload files to a virtual directory.  Thanks.
0
Rumen
Telerik team
answered on 19 Aug 2008, 11:41 AM
Hi Erin,

The problem is not related to RadEditor but to the FileUpload control that the dialog uses which does not work due to security restrictions under Medium trust level.

Could you please try a super-basic upload page under full trust and medium trust levels:

<body>
    <form id="form1" runat="server">
    <div>
        <asp:FileUpload ID="FileUpload1" runat="server" /><br />
        <br />
        <br />
        <asp:Button ID="Button1" runat="server" OnClick="Button1_Click" Text="Upload File" />&nbsp;</div>
    </form>
</body>

And the code-behind for it (this code is saving to App_Data - same idea as your scenario though with the images subdirectory):

    protected void Button1_Click(object sender, EventArgs e)
    {
        string fileName = FileUpload1.FileName;
        FileUpload1.SaveAs(Request.MapPath("~/Images/") + fileName);
    }

 The code is obtained from the following forum thread: Is MSDN documentation wrong on TRUST LEVEL for FileUpload control. I tested it and got the following error Security Exception when uploaded a file to a virtual directory outside of the web application under Medium trust level.

Do you receive Security Exception when uploading a file to a virtual directory pointing to a folder outside of the web application under Medium trust? If you are receiving such error then please workaround it (if it is possible) and share the solution with us. We will do our best to implement it with RadEditor.

Best regards,
Rumen
the Telerik team

Check out Telerik Trainer, the state of the art learning tool for Telerik products.
0
Erin
Top achievements
Rank 1
answered on 20 Aug 2008, 02:26 AM
Hi Rumen,

I did what you asked and as you suspected, received the same error.  So am I basically hearing that you guys can reproduce the problem but don't know how to fix it either?  Didn't you guys build some kind of file upload control that we might be able to use in the image manager instead of microsoft's fileupload control?  Also, do you guys have the ability to open a support ticket with microsoft to maybe get their suggested workaround on this?  I've been searching the internet for the past hour and can't seem to find anything that would help....


Here is the exception below:

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Request failed.]
            System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed) +218
            System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandle rmh, Object assemblyOrString, SecurityAction action, Boolean throwException) +4426658
            System.Security.PermissionSetTriple.CheckSetDemand(PermissionSet demandSet, PermissionSet& alteredDemandset, RuntimeMethodHandle rmh) +105
            System.Security.PermissionListSet.CheckSetDemand(PermissionSet pset, RuntimeMethodHandle rmh) +71
            System.Security.PermissionListSet.DemandFlagsOrGrantSet(Int32 flags, PermissionSet grantSet) +59
            System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(Int32 permission, PermissionSet targetGrant, CompressedStack securityContext) +185
            System.Security.CodeAccessSecurityEngine.ReflectionTargetDemandHelper(Int32 permission, PermissionSet targetGrant) +72
            


0
Rumen
Telerik team
answered on 21 Aug 2008, 03:05 PM
Hi Erin,

There are obvious security implications with changing the trust level and it is not a bug or an omission at the MS side. In fact we agree with MS decision to restrict the file upload to folders outside of the web application in Medium trust.

Yes, we have a file upload control named RadUpload, but the controls is based on the asp:FileUpload control and it will also not work in your scenario under Medium trust.

Best regards,
Rumen
the Telerik team

Check out Telerik Trainer, the state of the art learning tool for Telerik products.
0
Erin
Top achievements
Rank 1
answered on 22 Aug 2008, 06:30 AM
Rumen,

After wasting an unholy amount of time on this issue, I found out that this is in fact a problem caused by Telerik and not Microsoft.  After your last post I threw in the towel and removed the virtual directory and pointed the imagemanager to a directory inside of the application's folder and I still received a security exception.  I then tried pointing the fileupload example to that directory inside of the application folder and again, security exception.  After narrowing down the problem, I discovered that when I removed the following line from the web.config that everything works properly and I can even access the virtual directory whose physical path is outside of the application's root in Medium trust mode: 

Here is the culprit:

<system.webServer>
        <modules>
            <add name="RadUploadModule" type="Telerik.Web.UI.RadUploadHttpModule, Telerik.Web.UI" preCondition="managedHandler" />

So now that we've determined that it's a Telerik problem again, why is this module causing a problem with security and how do we fix it?



0
Erjan Gavalji
Telerik team
answered on 25 Aug 2008, 04:19 PM
Hi Erin,

I'm sorry for this problem not being solved so far. Please, excuse us for the inconvenience. We are doing some deeper research now and we will get back once we have some clues.

Best regards,
Erjan Gavalji
the Telerik team

Check out Telerik Trainer, the state of the art learning tool for Telerik products.
0
Accepted
Erjan Gavalji
Telerik team
answered on 26 Aug 2008, 10:57 AM
Hi Erin,

In a simple scenario you can simply remove the RadUploadHttpModule registration from the web.config file. What I mean is the following:
    RadUploadHttpModule is required to monitor upload progress (using the RadProgressManager and RadProgressArea controls). To operate normally, it needs to run under a Full trust level. If your website does not need upload progress monitoring, you can safely remove the RadUploadHttpModule registration from the web.config file.

I believe I could be missing something, e.g. you might have a multi-application website, where different level sites are configured separately, etc., so please, let me know if I can help further.

Best regards,
Erjan Gavalji
the Telerik team

Check out Telerik Trainer, the state of the art learning tool for Telerik products.
Tags
Editor
Asked by
Erin
Top achievements
Rank 1
Answers by
Rumen
Telerik team
Erin
Top achievements
Rank 1
Erjan Gavalji
Telerik team
Share this question
or