How can I set folder permissions for elastic beanstalk windows application? - windows

I am currently building a C# WebApi 2 application that I will be uploading to an Amazon Elastic Beanstalk instance to deploy. I am having success so far, and on my local machine, I just finished testing the file upload capability in order for clients to upload images.
The way it goes is I accept the multipart/formdata in the Web Api and save the temp file (with a random name like BodyPart_24e246c7-a92a-4a3d-84ef-c1651416e667) to the App_Data folder. The temporary file is put into an S3 Bucket and I create a reference in my SQL Server database to it.
Testing works fine with single or multiple file uploads locally but when I deploy the application to Elastic Beanstalk and try to upload I get errors like "Could not find a part of the path 'C:\inetpub\wwwroot\sbeAPI_deploy\App_Data\BodyPart_8f552d48-ed9b-4ec2-9986-88cbffd673ee'" or a similar one saying access is denied altogether.
I have been trying to find the solution online for a few hours now, but the AWS documentation is all over the place and tutorials/other questions seem to be outdated. I believe it has something to do with not having permission to write the temporary files on the EC2 server, but I can't figure out how to fix it.
Thanks very much in advance.

This is already possible since April 2013, see also here: Basically the steps you need to perform are the following:
Create a folder called .ebextensions in the top-level of your project through the solution explorer
Add in this folder your configuration file e.g myapp.config (replace myapp with your Elastic Beanstalk's app name)
Add the code displayed underneath to this configuration file you just created. Replace MyApp with your project name (not solution name) displayed in Visual Studio
All set!! Be sure there's a file within App_Data otherwise Visual Studio won't publish it.
{
"containercommands": {
"01-changeperm": {
"command": "icacls \"C:/inetpub/wwwroot/MyApp_deploy/App_Data\" /grant DefaultAppPool:(OI)(CI)"
}
}
}

To give write permission to your DefaultAppPool you can
create an .ebextensions folder
create a config file and place it in your .ebextensions folder
This will change permission to your wwwroot folder
container_commands:
01-changeperm :
command : 'icacls "C:\\inetpub\\wwwroot" /grant "IIS APPPOOL\DefaultAppPool:(OI)(CI)F"'

I had the same problem (unable to write to a file in the App_Data folder of my web application on Elastic Beanstalk).
In my case it was sufficient to create a dummy file in the App_Data folder in my Visual Studio project. When I did this, the App_Data folder was created during deployment with permissions that allow the web application to write to it.
No need for .ebextensions to change folder permissions.

The App_Data folder does not have write permissions by default, and you would have to set appropriate permissions during deployment of your apps.
Check out this post for a detailed explanation of how to do it: http://thedeveloperspace.com/granting-write-access-to-asp-net-apps-hosted-on-aws-beanstalk/

This question is pretty old but for anyone else who ends up having the same issue. I had the same issue with AWS. Connect to your instance and change the properties for the folder you want to upload files to. Select the folder you want to grant read/write access to. Click on properties and set the permissions that way.
My issue was with uploading images to the server. I couldn't put it in the App_Data folder since that is a special offer reserved for the app only and I needed the images to be accessible through the URL. So I created another folder "Uploads". Published my api then connected to the instance through remote desktop. Located the Content folder, and set the properties to read/write for DefaultAppPool. That solved my problem, hope this helps someone out there.

Related

What is the purpose of the jenkins User folder and what are these config files?

In my Jenkins home dir I see these configs for all my users:
"c:\Program Files (x86)\Jenkins\users\someuser\config.xml"
What is this config? Looks like its caching their sessions or something? Do I need to backup these files? What woudl the impact be if the users folder got deleted?
I should add that Im using active directory for auth so these aren't internal jenkins users they are AD users. Which is why Im wondering what config jenkins is keeping for them
You should backup those indeed. These folders contain user-specific configuration data, like public keys or api access tokens (see user's "configure" menu in the Web interface).

Programmatically detecting if a folder is a cloud local folder

Is there a way of detecting whether a particular folder is being used as the local store for cloud storage in Windows? The default name of the local cloud store folder seems to be the name of the Cloud provider (eg OneDrive, Google Drive, Dropbox) and local cloud folders are given distinctive icons. Folder and files within the local store also have additional icons indicating their sync status. However, users may rename local cloud store folders. Is there any folder attribute accessible from C# that will allow me to determine if a folder is a local cloud store?
There is a possibility that you can use storageFolder.Provider.Id
documenting link: https://learn.microsoft.com/en-us/uwp/api/windows.storage.storagefolder.provider?view=winrt-19041
exemple: var provider = storageFolder.Provider;
1 - Exemple application in code
2 - Exemple application in code

Symfony 3 permissions var/cache

I am setting up Symfony 3 for a web project. I have installed it as per the SymfonyBook. When I test by accessing config.php in the web folder from the browser I get the following messages:
Major problems have been detected and must be fixed before continuing:
- Change the permissions of either "app/cache/" or "var/cache/" directory so that the web server can write into it.
- Change the permissions of either "app/logs/" or "var/logs/" directory so that the web server can write into it.
I have already set up the permissions as described in the Symfony Book using setfacl and checked them www-data is the group owner of var folder and the cache, logs and sessions sub folders and the folder and file permissions are set to 775.
Please note this is Symfony 3 file structure not Symfony 2.
has anyone had a similar experience and managed to find a solution?
olved the problem. I had set the permissions in the project directory but I have set it up using PHPStorm to copy the files to a local server and I had not changed the permissions on the server. Apologies first time I has used this feature in PHPStorm as i usually work in the served directory.

How to get a file after uploading it to Azure Storage

I had uploaded files mostly media files to Azure's File Storage, which I am able to see in Azure's Explorer as well. But when I view the file as anonymous user, I am not able to view the file. Tried to check with Permissions setting as well, but to no avail.
Any help would be welcomed :)
Azure files have Shared Access Signatures (SAS). This is a key that you compute with the storage account key, that gives access to a particular URL. Here is an example (storage account name is obfuscated here):
https://mystorageaccount.file.core.windows.net/sampleshare/2.png?sv=2015-04-05&sr=f&si=sampleread&sig=Zq%2BfflhhbAU4CkCuz9q%2BnUFEM%2Fsg2PbXe3L4MeCC9Bo%3D&sip=0.0.0.0-255.255.255.255
You have sample code on how to create a SAS with Azure files at https://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-how-to-use-files/, ยง"Generate a shared access signature for a file or file share".
You can also do it interactively with a number of tools. For instance, CloudXPlorer has this feature.

Make Files Accessible by Perl Script but Blocked from Web Access - IIS6

I am using perl on a windows 2003 server with IIS6. I have written a script that needs to access confidential files uploaded by the user. The files are stored in a folder in the cgi-bin. However, I do not want the files to be accessible via weblink. So, I have 'read access' for this particular folder disabled in IIS.
The files are not accessible via weblink, but I need for the user to be able to open the documents that he/she uploaded.
The users logins (usernames and passwords) are stored in the cgi-bin in a csv file.
I've searched the database but couldn't find anything exactly matching this situation.
Any ideas would be greatly appreciated!
Unless I've misunderstood your question, you're trying to limit user access at the application level, not the service level.
If you want users of your web app to be able to access files that they uploaded then your authorization check needs to be done in the application, as opposed to at the edge (by web server).
So every uploaded file is tagged with it's owner (a database record, or a per-owner directory) and access to files is restricted by a small bit of code that checks the authenticated user against the file owner.
The directory in which the files live is readable and writable by the web server user, as that's the user the perl will run as, but it is not configured into IIS as availble for regular HTTP GET access.
It is neither under the HTML document root, nor under the CGI-BIN directory. It is a completely separate directory.

Resources