November Happy Hour will be moved to Thursday December 5th.

AI OnAI Off

UnauthorizedAccessException thrown creating new PageFiles folder

smithsson68@gmail.com
smithsson68@gmail.com
Vote:
 

I am trying to use the code example from Fredrik Haglund to allow an anonymous user to upload a file and store it in PageFiles but I get an UnauthorizedAccessException. It seem the creating of the PageFiles folder works but it's the EPiServer.Initialization.EventHandler.UnifiedDirectory_UnifiedDirectoryAdded method that is causing the problem by calling GetDirectory which in turn does an access check for AccessLevel.Read on the newly created directory. Any ideas to get around this?

Call stack below:

 

[UnauthorizedAccessException: You are not authorized to access /PageFiles/1835/]
   EPiServer.Web.Hosting.VirtualPathVersioningProvider.GetDirectory(String virtualPath) +317
   EPiServer.Web.Hosting.VirtualPathVersioningProvider.GetDirectory(String virtualPath) +50
   EPiServer.Web.Hosting.VirtualPathVersioningProvider.GetDirectory(String virtualPath) +50
   EPiServer.Web.Hosting.VirtualPathNonUnifiedProvider.GetDirectory(String virtualDir) +98
   EPiServer.Web.Hosting.VirtualPathNonUnifiedProvider.GetDirectory(String virtualDir) +98
   EPiServer.Web.Hosting.VirtualPathNonUnifiedProvider.GetDirectory(String virtualDir) +98
   EPiServer.Web.Hosting.VirtualPathNonUnifiedProvider.GetDirectory(String virtualDir) +98
   System.Web.Hosting.VirtualPathProvider.GetDirectory(String virtualDir) +21
   System.Web.Hosting.VirtualPathProvider.GetDirectory(String virtualDir) +21
   EPiServer.Web.Hosting.VersioningFileSystemSearchHandler.UpdateDirectory(String virtualPath) +72
   EPiServer.Initialization.EventHandler.UnifiedDirectory_UnifiedDirectoryAdded(UnifiedDirectory sender, UnifiedVirtualPathEventArgs e) +17
   EPiServer.Web.Hosting.UnifiedDirectoryEventHandler.Invoke(UnifiedDirectory sender, UnifiedVirtualPathEventArgs e) +0
   EPiServer.Web.Hosting.UnifiedDirectory.OnAdded(UnifiedVirtualPathEventArgs e) +70
   EPiServer.Web.Hosting.VersioningDirectory.CreateSubdirectoryInternal(String path) +360
   EPiServer.Web.Hosting.VersioningDirectory.CreateSubdirectory(String path, IContent accessValidatingContent) +193
   EPiServer.Web.Hosting.VersioningDirectory.CreateSubdirectory(String path, PageData accessValidatingPage) +9

 

#75478
Sep 26, 2013 15:47
Per Nergård
Per Nergård
Vote:
 

Which version of EPiServer? Ive done a fileupload block in EPiServer 7. 

#75481
Sep 26, 2013 16:04
smithsson68@gmail.com
smithsson68@gmail.com
Vote:
 

It's EPi 7 Per. I'll have a look at your fileupload block.

Thanks

P.S Have you blogged about it? Couldn't see it on EPiServer World and Google gave a blank.

#75507
Edited, Sep 27, 2013 9:22
Per Nergård
Per Nergård
Vote:
 

Hi Paul

 

I haven't blogged about it. Send me an email at: per dot nergard at knowit dot se so can I mail you the code.

#75511
Sep 27, 2013 10:18
smithsson68@gmail.com
smithsson68@gmail.com
Vote:
 

It seems my problem is that the page I am trying to save the page files for is not published. If the page is published then it works as nomal.

#75516
Sep 27, 2013 11:00
Erik Nordin Wahlberg
Erik Nordin Wahlberg
Vote:
 

We ran into that as well. Solved by setting bypassAccessCheck in episerverframework to true. But I guess on some sites you don't want to do that.

#75517
Sep 27, 2013 11:02
smithsson68@gmail.com
smithsson68@gmail.com
Vote:
 

Thanks Erik!

#75518
Sep 27, 2013 11:04
smithsson68@gmail.com
smithsson68@gmail.com
Vote:
 

Update from EPiServer: If the page isn't published then the user for the request has to at least Edit rights for the page. In my case the user is anonymous so doesn't have the rights.

#75519
Sep 27, 2013 11:18
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.