5

I am trying to deploy an ASP.NET application the Windows Azure cloud. I am using Google API for one of the calls in the application. When I do this, I get the following error:

System.UnauthorizedAccessException: Access to the path 'Google.Apis.Auth' is denied.`

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and the configured application pool identity on IIS 7.5) that is used if the application is not impersonating. If the application is impersonating via , the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.`

To grant ASP.NET access to a file, right-click the file in File Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.`

I tried researching this, but all the suggestions talk about changing the IIS server settings, which I don't believe I have access to since this is running in the cloud. Can anyone help?

EDIT: here is the code for the function that's giving the error:

 Async Function SpecialTest() As Task(Of String)

    Dim credential As UserCredential
    Dim clientSecretsPath As String = Server.MapPath("~/App_Data/client_secret.json")
    Dim scopes As IList(Of String) = New List(Of String)()
    scopes.Add(CalendarService.Scope.Calendar)
    Dim stream As FileStream = New FileStream(clientSecretsPath, System.IO.FileMode.Open, System.IO.FileAccess.Read)

    Using stream
        credential = Await GoogleWebAuthorizationBroker.AuthorizeAsync(GoogleClientSecrets.Load(stream).Secrets, scopes, "user3", CancellationToken.None)
    End Using


    Dim baseInitializer = New BaseClientService.Initializer()
    With baseInitializer
        .HttpClientInitializer = credential
        .ApplicationName = "P1"
    End With

    Dim service = New CalendarService(baseInitializer)


    Dim Calendars = (Await service.CalendarList.List().ExecuteAsync()).Items()
    Dim toReturn As String = "{""items"": ["
    For Each firstCalendar As CalendarListEntry In Calendars


        If firstCalendar IsNot Nothing Then
            ' Get all events from the first calendar.
            Dim calEvents = Await service.Events.List(firstCalendar.Id).ExecuteAsync()
            ' DO SOMETHING
            Dim items = calEvents.Items
            'Return JsonConvert.SerializeObject(calEvents)
            For Each ite As Google.Apis.Calendar.v3.Data.Event In items
                If Not (ite.Location Is Nothing) And Not (ite.Start Is Nothing) Then
                    Dim tst = ite.Start.DateTime
                    toReturn = toReturn + " [""" + Date.Parse(ite.Start.DateTime).ToShortDateString + """" + "," + """" + ite.Location + """" + "," + """" + ite.Start.DateTime + """" + "," + """" + ite.Start.DateTime + """" + "," + """""],"
                End If
            Next

        End If
    Next
    toReturn = toReturn.Substring(0, toReturn.Length - 1)
    Return toReturn + "]}"
End Function`
Community
  • 1
  • 1
Art F
  • 3,992
  • 10
  • 49
  • 81
  • 1
    Before attempting a response, can you elaborate on the Google API call? Do you expect it to interact with a known/unknown location in the file system (as it seems like)? – DavideB Nov 18 '13 at 09:31
  • @DavideB I really didn't think so, there are 2 calls, the first is for authentication through Oauth, and the 2nd uses the Calendar API to extract certain data from Google Calendar. It does read a JSON file as part of the procedure, not sure if that counts as 'interacting with the file system'. – Art F Nov 18 '13 at 14:42
  • Does the JSON file you mentioned phisically reside on the file system? For example, where it is located when you test it locally in the development fabric? – DavideB Nov 18 '13 at 14:58
  • @DavideB Its inside the project, inside the App_Data folder. – Art F Nov 18 '13 at 15:02
  • Maybe the API is trying to write something. Can you show how you do the Oauth and calendar query? Are you using FileDataStore? – LostInComputer Nov 18 '13 at 16:37
  • @LostInComputer I added the code if it helps, to my knowledge its not trying to store anything... actually, perhaps OAuth2 is trying to store the token somewhere?.. – Art F Nov 18 '13 at 23:41
  • It seems that you have no rights under App_Data folder. – Thiago Custodio Nov 19 '13 at 19:03
  • I'll take a look, I'm starting to believe, based on the comments here, that the Google Oauth API is trying to write the security token to a default directory which has no permission on Azure. I'll try to take a look at this later today. – Art F Nov 19 '13 at 19:20
  • The default implementation of FileDataStore stores a file under Environment.SpecialFolder.ApplicationData. You can use your own implementation of IDataStore using database for example. I'll may change the implementation of FileDataStore in the next release that Environment.SpecialFolder.ApplicationData will be configurable. Makes sense? – peleyal Nov 19 '13 at 22:40
  • 3
    I'd expect that the exception is masking the actual original source - the Google.Apis.Auth assembly most likely has a reference or reliance on something that is either not present or requires a higher trust level to access. Deploy this section of code with some additional debugging that iterates over Inner Exceptions until you get to the source and prints a stack trace to screen. – Simon W Nov 20 '13 at 05:31
  • You can try impersonation programmatically. It may helps. If you r interested on i can post a class that uses impersonation and i am using it a lot. – kostas ch. Nov 22 '13 at 08:39
  • Can you post the exception's stack trace? – Panagiotis Kanavos Nov 26 '13 at 16:30

3 Answers3

3

Try this.

A.If you have RDP Acces to the Azure cloud then change the IIS settings

  • 1.Go to the IIS
  • 2.Under sites select the Default site
  • 3.Add Permission
  • 4.choose I_User object and give read/write access.
  • 5.later you can automate this setting using a batch file and startup task.

B.I think you are using any local path. You should change this to local storage for temporary requirement and blob storage for long requirement.

sudhansu63
  • 6,025
  • 4
  • 39
  • 52
0

I had a similar problem and figured out that I would need to build my own IDataStore using Windows Azure Blob storage. My solution is in C#, but I posted my class file here: https://groups.google.com/d/msg/google-api-dotnet-client/s7i6mkMjX-M/p_4YlaOyLp4J Maybe that will help you some if you haven't already figured out another solution.

Angela Rogers
  • 71
  • 5
-1

Wrap the code that uses credential in the using statement. Closing the using statement disposes of the resources in the using statement, so when you try to access/use credential later in code, it has already been disposed.

viperguynaz
  • 12,044
  • 4
  • 30
  • 41