Virtual Happy Hour this month, Jun 28, we'll be getting a sneak preview at our soon to launch SaaS CMS!

Try our conversational search powered by Generative AI!

You are not authorized to create directories under /PageFiles/

Vote:
 

Hello,

We have developed an application which copies an EPiServer content tree to another location in the tree. The application works fine in a development environment, and in a testing environment. However in the live environment, we get the following error message:

 

[Importing page 1315_1597] Can't copy page, because: You are not authorized to create directories under /PageFiles/

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: EPiServer.Core.EPiServerException: [Importing page 1315_1597] Can't copy page, because: You are not authorized to create directories under /PageFiles/

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.


Stack Trace:

[EPiServerException: [Importing page 1315_1597] Can't copy page, because: You are not authorized to create directories under /PageFiles/]

   EPiServer.LocalPageProvider.Copy(PageReference pageLink, PageReference destinationLink, Boolean publishOnDestination, Boolean allowThreading) +482

   EPiServer.DataFactory.Copy(PageReference pageLink, PageReference destinationLink, AccessLevel requiredSourceAccess, AccessLevel requiredDestinationAccess, Boolean publishOnDestination, Boolean allowThreading) +320

...

 

The line on which we get the exception is:

PageReference CopiedPage = DataFactory.Instance.Copy(SourcePage, new PageReference(Properties.Settings.Default.ClubHomePage), AccessLevel.NoAccess, AccessLevel.NoAccess, true, false);

We believed it had something to do with the folder-permissions of the pagefile folder in our VPP folder, but we have tried almost every security setting there with no results. Now we have even given 'Everyone' full access on our VPP folder, but still no success.

 

After crashing, when we open the copied page in Edit mode in the CMS backend, we get the same error. However when we go to the file explorer and create a pagefile folder for this page, the page works fine.

 

Can the problem be anything else but the folder permissions in the VPP folder? Any help would be greatly appreciated.

 

Thanks!

Jasper


 

#56069
Jan 03, 2012 15:31
Vote:
 

Have you tried settings bypassAccessCheck to false for the pagesfiles-vpp?

#56076
Jan 03, 2012 19:31
Vote:
 

Yes, setting bypassAccessCheck for pagefiles to True works! Thanks!

However, we are a bit hesitant to bypass access checks on a production server. What are the securty risks when bypassing the Access Checks? The access check do not seem to check the folder permissions (since we set the rights to full control and it still didn't work). Do they check internal access rights for the EPiServer user?

#56080
Jan 04, 2012 10:56
Vote:
 

I'm not totally sure about this but.. If set bypassAccessCheck to true to page files, the visitor, if they know the path to a certain file withing a page file-folder, can access those files to pages that are not published or pages that they do not have access to.

Since you are using a NoAccess way to copy the page I guess another solution would be to impersonate a user with the right access to create folder in page files. I wrote a blog post about that a while ago: http://antecknat.se/blog/2009/03/04/scheduled-tasks-tips/

 

#56081
Edited, Jan 04, 2012 11:05
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.