Parsing Xml through a web request : Access denied... Need help

weird0

I wrote some lines of code to parse an xml file and tested it. It ran
correctly independently, but when I inserted that function in a
webservice and called it, it gave errors. The error at present is
"Access to the file 'g:\inetpub\wwwroot\xmltransactions\xmltrans0.xml'
is denied". Here is the code that I wrote:

[WebMethod]
public void ParseXmlFile(string filename)
{
    using (FileStream myFile = new FileStream(
        @"G:\Inetpub\wwwroot\XML_TRANSACTIONS\" + filename,
        FileMode.Open, FileAccess.ReadWrite))
    {
        FileSecurity fileSec = myFile.GetAccessControl();
        FileSystemAccessRule newRule = new FileSystemAccessRule(
            new System.Security.Principal.NTAccount(@"s2188\s2188"),
            FileSystemRights.FullControl,
            AccessControlType.Allow);

        fileSec.AddAccessRule(newRule);

        File.SetAccessControl(
            @"g:\Inetpub\wwwroot\XML_TRANSACTIONS\" + filename, fileSec);

        FileStream fs = new FileStream(
            @"g:\Inetpub\wwwroot\XML_TRANSACTIONS\" + filename,
            FileMode.Open);
        XmlReader tr = XmlReader.Create(fs);
        while (!tr.EOF)
        {
            // if we hit an element type we will store it in a variable

            if (tr.MoveToContent() == XmlNodeType.Element &&
                tr.Name == "accno")
            {
                read_accno = tr.ReadElementString();
            }
            if (tr.MoveToContent() == XmlNodeType.Element &&
                tr.Name == "amount")
            {
                read_amount = tr.ReadElementString();
            }
            if (tr.MoveToContent() == XmlNodeType.Element &&
                tr.Name == "date_trans")
            {
                read_date_trans = tr.ReadElementString();
            }
            if (tr.MoveToContent() == XmlNodeType.Element &&
                tr.Name == "pincode")
            {
                read_pincode = tr.ReadElementString();
            }
            else
            {
                // otherwise move on
                tr.Read();
            }
        }
    }
}

[WebMethod]
public void InsertXmlDataIntoDb()
{
    System.Data.SqlClient.SqlConnection sqlConnection1 =
        new System.Data.SqlClient.SqlConnection(
            @"Data Source=.\SQLEXPRESS;AttachDbFilename=F:\courses\version1\App_Data\BankingDb.mdf;Integrated Security=True;User Instance=True");
    System.Data.SqlClient.SqlCommand cmd =
        new System.Data.SqlClient.SqlCommand();

    // atm_acc# , atm_amount , atm_branch , user_acc# , atm_date
    string insertquery = "INSERT INTO ATM_Transactions values('" +
        read_accno + "','" + read_amount
        + "','" + "Shahrae-Faisal" + "','" + " " + "','" + read_date_trans +
        "')";

    cmd.CommandType = System.Data.CommandType.Text;
    cmd.CommandText = insertquery;
    cmd.Connection = sqlConnection1;

    sqlConnection1.Open();
    cmd.ExecuteNonQuery();
    sqlConnection1.Close();
}
 
Marc Gravell

You don't say at what line it barfs... is it the first one? Perhaps
the IIS account genuinely doesn't have access? (default is the ASPNET
account).
I made an assumption of IIS - is this correct? It isn't clear what is
reading from where... for instance, in a web-app I would generally
look at MapPath options, then web.config, before hard-coding paths, as
I would expect anything outside of my web-apps tree to be
inaccessible. I would also not expect a web-account to be able to
grant much access (is s2188 for the SqlExpress account? - comments!!!)

Oh - and your insert query is just begging for an injection attack; it
isn't clear how the original file gets written (since ParseXmlFile
merely references files that already exist on the server) - but you
might want to guard that... look into parameterised queries / stored
procedures.

Marc
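
A sketch of the approach suggested in the reply above (MapPath, web.config, a parameterised query), added here as an example and not code from either poster. The class name, the "BankingDb" connection-string name and the string-typed parameters are assumptions; the thread does not show the table schema.

```csharp
using System.Configuration;
using System.Data.SqlClient;
using System.IO;
using System.Web.Hosting;
using System.Xml;

public static class AtmTransactionImport   // hypothetical helper class
{
    public static void Import(string filename)
    {
        // Resolve the folder relative to the web app instead of hard-coding G:\...
        string dir = HostingEnvironment.MapPath("~/XML_TRANSACTIONS/");
        // Keep only the file-name part of the caller-supplied value.
        string path = Path.Combine(dir, Path.GetFileName(filename));
        string accno = null, amount = null, dateTrans = null;

        // One read-only handle: the worker account needs Read on the folder,
        // and no ACL is changed at request time.
        using (FileStream fs = new FileStream(path, FileMode.Open, FileAccess.Read, FileShare.Read))
        using (XmlReader reader = XmlReader.Create(fs))
        {
            while (reader.Read())
            {
                if (reader.NodeType != XmlNodeType.Element) continue;
                switch (reader.Name)
                {
                    case "accno": accno = reader.ReadString(); break;
                    case "amount": amount = reader.ReadString(); break;
                    case "date_trans": dateTrans = reader.ReadString(); break;
                }
            }
        }
        if (accno == null || amount == null || dateTrans == null)
            throw new InvalidDataException("Required element missing in " + filename);

        // "BankingDb" is an assumed <connectionStrings> entry in web.config.
        string cs = ConfigurationManager.ConnectionStrings["BankingDb"].ConnectionString;
        using (SqlConnection conn = new SqlConnection(cs))
        using (SqlCommand cmd = new SqlCommand(
            "INSERT INTO ATM_Transactions VALUES (@acc, @amount, @branch, @userAcc, @date)", conn))
        {
            // Values travel as parameters, never as SQL text. Strings are used as in
            // the original; switch to typed parameters once the column types are known.
            cmd.Parameters.AddWithValue("@acc", accno);
            cmd.Parameters.AddWithValue("@amount", amount);
            cmd.Parameters.AddWithValue("@branch", "Shahrae-Faisal");
            cmd.Parameters.AddWithValue("@userAcc", " ");
            cmd.Parameters.AddWithValue("@date", dateTrans);
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }
}
```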
 
