(5) Access is denied
Question asked by Rick Rios - July 29 at 3:25 PM
Answered
I'm running into an issue while in evaluation. I set up the most basic example on my localhost (IIS 7) and it works flawlessly. When I do the same on our dev site and our live site I get "Document Load Error: (5) Access is denied." I've compared IIS_IUSR in both situations and they have the same permissions to the respective directories. I've even put the target file and the code in a directory that has modify and write permissions but it has no effect.

If anyone can offer any insight it would be great appreciated.

6 Replies

Reply to Thread
1
Cem Alacayir Replied
Employee Post
Use this code on your host page to display the actual Windows user that is currently being used:

WindowsIdentity.GetCurrent().Name
This reason you get "Access is denied" is probably because this identity is different than your localhost. For example if impersonation in your site is used or if IIS AppPool identity is set to another user, it can change. You should make the permissions are correct for this displayed user.


0
Rick Rios Replied
Hi Cem,

thank you for your response. The user is "IIS/APPPOOL." I tested this same user using System.IO on the same page and against the same file and was able to see and read the content yet I still get the same error.
1
Cem Alacayir Replied
Employee Post
Strange. 

Firstly IIS AppPool is a group name so you should see something specific like IIS AppPool\DefaultAppPool.

>  tested this same user using System.IO on the same page and against the same file and was able to see and read the content  

Do you have impersonation in application? For example do you have <identity impersonate="true"> tag in your Web.config?

Also how do you set the documentViewer.Document property. Do you specify a single path or do you provide credentials in  documentViewer.DocumentLocation? Is it a very long path?
0
Rick Rios Replied
Definitely...
• WindowsIdentity.GetCurrent().Name does actually return more but I didn't feel comfortable posting that information in an open forum.
• No impersonation in our web.config. Do you recommend using it?
• I haven't used DocumentLocation so far.
• All I'm doing so far is documentViewer.Document = "/g/test.txt"
• Here's everything in my code-behind:

If IO.File.Exists(Server.MapPath("/g/test.txt")) Then
    litDisplay.Text &= "File found!<br />"    Dim testext As String = ""    Using reader As New IO.StreamReader(Server.MapPath("/g/test.txt"))        testext = reader.ReadToEnd    End Using    litDisplay.Text &= "<br /><br />" & testextElse
    litDisplay.Text = "File not found"End If

documentViewer.Document = "/g/test.txt"


1
Cem Alacayir Replied
Employee Post Marked As Answer
It's probably about using a virtual path like "/g/test.txt". It seems for some reason it's not resolved correctly. You can try the full physical path or an application relative path like "~/g/test.txt" (tilde sign means root of your app so construct the path from there)
0
Cem Alacayir Replied
Employee Post
For future reference, we have released a new version which includes some features to troubleshoot permission issues more easily.

Version 4.8.0 - August 6, 2019
  • Improved: Detailed "Access Denied" error messages will be shown to troubleshoot insufficient permission issues.The error message will include the safe display path and current windows identity.

  • Added: DocumentViewer.DebugMode property for displaying detailed error messages for troubleshooting.Exceptions will be displayed with stack trace, inner exceptions and data. The details will be shown in a textbox on the error dialog when this property is set to true. This property should not be set to true permanently on production as the exception details can reveal security sensitive information like server file paths.

Reply to Thread