Back to Community Threads
1
(5) Access is denied
Question asked by Rick Rios - 7/29/2019 at 3:25 PM
Answered
I'm running into an issue while in evaluation. I set up the most basic example on my localhost (IIS 7) and it works flawlessly. When I do the same on our dev site and our live site I get "Document Load Error: (5) Access is denied." I've compared IIS_IUSR in both situations and they have the same permissions to the respective directories. I've even put the target file and the code in a directory that has modify and write permissions but it has no effect.

If anyone can offer any insight it would be great appreciated.

9 Replies

Reply to Thread
1
Cem Alacayir Replied
7/30/2019 at 6:15 AM
Employee Post
Use this code on your host page to display the actual Windows user that is currently being used:

WindowsIdentity.GetCurrent().Name
This reason you get "Access is denied" is probably because this identity is different than your localhost. For example if impersonation in your site is used or if IIS AppPool identity is set to another user, it can change. You should make the permissions are correct for this displayed user.
0
Rick Rios Replied
7/30/2019 at 9:16 AM
Hi Cem,

thank you for your response. The user is "IIS/APPPOOL." I tested this same user using System.IO on the same page and against the same file and was able to see and read the content yet I still get the same error.
1
Cem Alacayir Replied
7/31/2019 at 12:36 AM
Employee Post
Strange. 

Firstly IIS AppPool is a group name so you should see something specific like IIS AppPool\DefaultAppPool.

>  tested this same user using System.IO on the same page and against the same file and was able to see and read the content  

Do you have impersonation in application? For example do you have <identity impersonate="true"> tag in your Web.config?

Also how do you set the documentViewer.Document property. Do you specify a single path or do you provide credentials in  documentViewer.DocumentLocation? Is it a very long path?
0
Rick Rios Replied
7/31/2019 at 8:56 AM
Definitely...
• WindowsIdentity.GetCurrent().Name does actually return more but I didn't feel comfortable posting that information in an open forum.
• No impersonation in our web.config. Do you recommend using it?
• I haven't used DocumentLocation so far.
• All I'm doing so far is documentViewer.Document = "/g/test.txt"
• Here's everything in my code-behind:

If IO.File.Exists(Server.MapPath("/g/test.txt")) Then
    litDisplay.Text &= "File found!<br />"    Dim testext As String = ""    Using reader As New IO.StreamReader(Server.MapPath("/g/test.txt"))        testext = reader.ReadToEnd    End Using    litDisplay.Text &= "<br /><br />" & testextElse
    litDisplay.Text = "File not found"End If

documentViewer.Document = "/g/test.txt"
1
Cem Alacayir Replied
8/1/2019 at 1:13 AM
Employee Post Marked As Answer
It's probably about using a virtual path like "/g/test.txt". It seems for some reason it's not resolved correctly. You can try the full physical path or an application relative path like "~/g/test.txt" (tilde sign means root of your app so construct the path from there)
0
Cem Alacayir Replied
8/6/2019 at 6:29 AM
Employee Post
For future reference, we have released a new version which includes some features to troubleshoot permission issues more easily.

Version 4.8.0 - August 6, 2019
  • Improved: Detailed "Access Denied" error messages will be shown to troubleshoot insufficient permission issues.The error message will include the safe display path and current windows identity.

  • Added: DocumentViewer.DebugMode property for displaying detailed error messages for troubleshooting.Exceptions will be displayed with stack trace, inner exceptions and data. The details will be shown in a textbox on the error dialog when this property is set to true. This property should not be set to true permanently on production as the exception details can reveal security sensitive information like server file paths.
0
John Tsombakos Replied
6/9/2020 at 1:12 PM
I know this is an old thread, but I'm running into this in a very simple .Net Core Razor pages app. The first time the document is viewed, the conversion process runs, then the document is displayed fine. The cache is in the App_Data/DocumentCache directory. If I go back to a previous page, then go to the viewer page, I get the error:
Access to the path "[DocumentCache]:\lock-1hshdfq~1us1d15~1us1d15~18km525.xpz" is denied due to insufficient permissions. Please make sure the current windows identity "JOHNDEV\John Tsombakos" has the required permissions on the path. That user is my current user, and that user has full permissions to App_Data\DocumentCache directory. If I just click the refresh button, the document loads up just fine.

More details:
{
"Type": "GleamTech.AspNet.Core.AspNetCoreException",
"Message": "Access to the path \"[DocumentCache]:\\lock-1hshdfq~1us1d15~1us1d15~1uwjqqe.json\" is denied due to insufficient permissions. Please make sure the current windows identity \"JOHNDEV\\John Tsombakos\" has the required permissions on the path.",
"StackTrace": " at GleamTech.DocumentUltimate.AspNet.UI.DocumentViewerHandler.DownloadDocument(String stateId, String cacheInfoKey)\r\n at GleamTech.Reflection.MethodInvoker._aY._d7(Object instance, Object[] parameters)\r\n at GleamTech.Reflection.MethodInvoker.Invoke(Object instance, Object[] parameters)\r\n at GleamTech.Reflection.MethodInvoker.GleamTech.Reflection.IMethodInvoker.Invoke(Object instance, Object[] parameters)\r\n at GleamTech.AspNet.JsonMethodHandler.ExecuteMethod(MethodConfig methodConfig, Object[] parameterValues)\r\n at GleamTech.AspNet.UI.ComponentHandler`1.ExecuteMethod(MethodConfig methodConfig, Object[] parameterValues)\r\n at GleamTech.AspNet.JsonMethodHandler.Execute()\r\n at GleamTech.AspNet.Core.WebActivationMiddleware.Invoke(HttpContext context, IHostingEnvironment env)",
"InnerException": {
"Type": "GleamTech.DocumentUltimate.AspNet.UI.DocumentViewerException",
"Message": "Access to the path \"[DocumentCache]:\\lock-1hshdfq~1us1d15~1us1d15~1uwjqqe.json\" is denied due to insufficient permissions. Please make sure the current windows identity \"JOHNDEV\\John Tsombakos\" has the required permissions on the path.",
"InnerException": {
"Type": "GleamTech.FileSystems.FileSystemException",
"Message": "Access to the path \"[DocumentCache]:\\lock-1hshdfq~1us1d15~1us1d15~1uwjqqe.json\" is denied due to insufficient permissions. Please make sure the current windows identity \"JOHNDEV\\John Tsombakos\" has the required permissions on the path.",
"StackTrace": " at GleamTech.FileSystems.Physical.PhysicalFileSystem.DoCreateLock(BackSlashPath relativeName)\r\n at GleamTech.FileSystems.FileSystem.CreateLock(String fileName)\r\n at GleamTech.FileSystems.FileSystemLockProvider.GetLock(String name)\r\n at _PV._Y0(DistributedLock currentRequest, IDistributedLockProvider _provider)\r\n at _PV._p4(DistributedLock lockRequest, IDistributedLockProvider _provider)\r\n at GleamTech.DistributedLocking.DistributedLockManager.TryLock(Object requester, String name, Int32 timeoutSeconds, IDistributedLockProvider provider, DistributedLock& grantedLock)\r\n at GleamTech.DistributedLocking.DistributedLockManager.Lock(Object requester, String name, Int32 timeoutSeconds, IDistributedLockProvider provider)\r\n at GleamTech.Caching.FileCache._DY(FileSystem fileSystem, String lockName)\r\n at GleamTech.Caching.FileCache._Py(FileCacheKey cacheKey, String relativeName)\r\n at GleamTech.Caching.FileCacheItem.OpenRead()\r\n at GleamTech.DocumentUltimate.AspNet.DocumentCache.LoadCacheInfo(FileCacheKey cacheInfoKey)\r\n at GleamTech.DocumentUltimate.AspNet.UI.DocumentViewerHandler.DownloadDocument(String stateId, String cacheInfoKey)",
"InnerException": {
"Type": "System.UnauthorizedAccessException",
"Message": "Access to the path 'C:\\Users\\John Tsombakos\\source\\repos\\DocViewer\\DocViewer\\wwwroot\\App_Data\\DocumentCache\\lock-1hshdfq~1us1d15~1us1d15~1uwjqqe.json' is denied.",
"StackTrace": " at System.IO.FileStream.ValidateFileHandle(SafeFileHandle fileHandle)\r\n at System.IO.FileStream.CreateFileOpenHandle(FileMode mode, FileShare share, FileOptions options)\r\n at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)\r\n at GleamTech.FileSystems.Physical.FileInfoWrapper.Open(FileMode mode, FileAccess access, FileShare share, FileOptions options)\r\n at GleamTech.FileSystems.Physical.PhysicalFileSystem.DoCreateLock(BackSlashPath relativeName)"
}
}
}
}
0
daniel wanyoike Replied
4/24/2021 at 12:49 AM
I also got this error,,please help me

Access to the path "[DocumentCache]:\lock-1hshdfq~xddqcf~xddqcf~1n6lbj1.json.lock" is denied due to insufficient permissions. Please make sure the current windows identity "IIS APPPOOL\DefaultAppPool" has the required permissions on the path. 
0
Cem Alacayir Replied
4/28/2021 at 3:36 PM
Employee Post
FYI, this issue should be fixed in latest Version 5.9.6 - April 28, 2021:

Fixed: DocumentViewer or DocumentCache threw below error intermittently on some machines when using physical file system for cache:
"Access to the path "[DocumentCache]:\lock-****.json.lock" is denied due to insufficient permissions."
The error was not really a permission error but a multi-thread file access error.
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Version History of FileVistaFileVista
Version History of FileUltimateFileUltimate
EULA for DocumentUltimateDocumentUltimate
Using DocumentViewer on multi-server or cloud like AzureDocumentUltimate > Troubleshooting
EULA for VideoUltimateVideoUltimate