Medium-Trust File I/O permission

Question

According to this MSDN article about medium trust, under medium-trust:

FileIOPermission is restricted. This means you can only access files in your application's virtual directory hierarchy. Your application is granted Read, Write, Append, and PathDiscovery permissions for your application's virtual directory hierarchy.

However, for my current hosting provider runs applications under medium-trust and when I try to read/write a file in the application's root folder, I get a access to path 'myfile.xml' denied error.

This file is read using the following bit of code

XElement file = XElement.Load(HttpContext.Current.Server.MapPath("~/myfile.xml"));

Update Full Error:

Access to the path 'C:\WebSites\mywebsite\myfile.xml' is denied.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access to the path 'C:\WebSites\mywebsite\myfile.xml' is denied.

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and the configured application pool identity on IIS 7.5) that is used if the application is not impersonating. If the application is impersonating via , the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[UnauthorizedAccessException: Access to the path 'C:\WebSites\mywebsite\myfile.xml' is denied.]
System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) +12892935 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath) +2481
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) +229 System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) +102
System.Xml.XmlWriterSettings.CreateWriter(String outputFileName) +5224496
System.Xml.Linq.XElement.Save(String fileName, SaveOptions options) +108
mesoBoard.Services.SiteConfig.UpdateCache() +1971 mesoBoard.Web.MvcApplication.OnApplicationStarted() +62 Ninject.Web.Mvc.NinjectHttpApplication.Application_Start() +604

[HttpException (0x80004005): Access to the path 'C:\WebSites\mywebsite\myfile.xml' is denied.]
System.Web.HttpApplicationFactory.EnsureAppStartCalledForIntegratedMode(HttpContext context, HttpApplication app) +3985477 System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers) +191
System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context) +325 System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context) +407 System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext) +375

[HttpException (0x80004005): Access to the path 'C:\WebSites\mywebsite\myfile.xml' is denied.]
System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +11524352
System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +141
System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +4782309

Answer 1

You need to make sure that the user account of the Application Pool running the website has read/write permissions to the file/folder. By default, I think you should have read permissions but not write permissions. Also, for security reasons, it might be a good idea to move that file out of the wwwroot folder into something that can't corrupt your entire application.

webdir/data
webdir/data/myfile.xml

webdir/wwwroot
webdir/wwwroot/default.aspx

Answer 2

Your IO permission sounds like it's just a permission issue with your file. I know what whenever I upload a file to my hosting provider, I have to login to their control panel and manually give the IIS account write access to it, as read access is the only permission granted automatically.

On another note, the location of your xml file poses a security issue. Try putting the file in the "~/App_Data/" folder, it's a special .NET folder that's more restricted than your data folder - at the moment I could go to www.yoursite.com/data/myfile.xml and download it, whereas any file in the App_Data folder can't be downloaded over the web.

http://stackoverflow.com/questions/528858/what-is-the-app-data-folder-used-for-in-visual-studio

Answer 3

You are using the XElement class. The namespace "System.Xml.Linq" is probably not allowed in your hosting "medium level" configuration. To use Linq in medium level trust, please follow the following procedure

Answer 4

I set up a website on GoDaddy and found that the only way I could enable write access, was to enable it for the whole web root but that might have just been the restriction for that hosting plan?