0
Fixed

Permission issues with pluggable views and connector images when using IIS

Matthew Clark 7 years ago • updated by anonymous 3 years ago 9

The following error appears for pluggable views when using IIS. The issue may be to do with the permission set required by the IIS user, although I am logged on as the local and domain Administrator account and using Windows authentication:

System.UnauthorizedAccessException: Access to the path 'C:\Program Files\UNIFY Solutions\Identity Broker\Web\Views\Temp\Connector\ExtendedDisplayConnector\Unify.Connectors.PlaceholderDisplayConnector.cshtml' is denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize)
at System.IO.StreamWriter..ctor(String path, Boolean append)
at Unify.Framework.Web.UnifyRazorViewEngine.CreateView(ControllerContext controllerContext, String path) in c:\Program Files (x86)\Jenkins\jobs\Framework Core (DEV)\workspace\Source\Web\Unify.Framework.Web\Razor\UnifyRazorViewEngine.cs:line 110
at Unify.Framework.Web.UnifyRazorViewEngine.CreatePartialView(ControllerContext controllerContext, String partialPath) in c:\Program Files (x86)\Jenkins\jobs\Framework Core (DEV)\workspace\Source\Web\Unify.Framework.Web\Razor\UnifyRazorViewEngine.cs:line 134
at System.Web.Mvc.VirtualPathProviderViewEngine.FindPartialView(ControllerContext controllerContext, String partialViewName, Boolean useCache)
at System.Web.Mvc.ViewEngineCollection.Find(Func`2 lookup, Boolean trackSearchedPaths)
at System.Web.Mvc.PartialViewResult.FindView(ControllerContext context)
at System.Web.Mvc.ViewResultBase.ExecuteResult(ControllerContext context)
at System.Web.Mvc.ControllerActionInvoker.<>c_DisplayClass1c.<InvokeActionResultWithFilters>b_19()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilter(IResultFilter filter, ResultExecutingContext preContext, Func`1 continuation)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultWithFilters(ControllerContext controllerContext, IList`1 filters, ActionResult actionResult)
at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)

Additionally connector images are not coming through.

Affected Versions:
Fixed by Version:

Same occurs when trying to create a chris21 connector:

System.UnauthorizedAccessException: Access to the path 'C:\Program Files\UNIFY Solutions\Identity Broker\Web\Views\Temp\Connector\ExtendedCreateConnector\Unify.Connectors.Frontier.Chris21InitialCreationStep.cshtml' is denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath)...

The issue here was found to be permissions related. The default application pool identity is given Users and IIS Users membership, which on my machine did not have write permissions to the Web directory. By following the suggestions here and here, I was able to add custom permissions for my application pool identity (which is the recommended path for finetuning these permissions). I have updated IDB40:Prerequisites, and this may also need to be noted when the IIS configuration documentation is added.

Tony, I'm pretty happy that we're in the clear with this one. As you also encountered this issue, could you please confirm that these steps address the permission issues you encountered? I had only configured this against IIS 7.5.

Reopening.

In the event that this error could occur, the default XML view should be used for connectors and transformations, and the TempData message should log a nicer exception. This will involve modifying IdentityBrokerModifyOnServer with methods for handling post sinks and stream sources not being present, as well as moving the default XML view for connectors and transformations to Studio rather than Service.

Lowering priority of remaining work

Assigned to Tony. Just need to add the pluggable XML view for connectors and transformations (if this hasn't been done already)

I need to confirm this in either prdgrp-test1/Local in IIS - pending updated installer.

Misunderstood requirements on previous resolution - this can be closed as we will not be defaulting to an XML view, as this would require documentation of the underlying XML of each connector for the above reason only.