部署到azure网站后,对路径的访问被拒绝(发生类型为'System.UnauthorizedAccessException'的异常) [英] Access to the path is denied (An exception of type 'System.UnauthorizedAccessException' occurred) after deploying to azure websites
问题描述
我正在从blob下载内容并将其存储在浏览我的应用程序的用户的本地文件夹中.一切正常,在本地没有任何问题,但是在部署到App Service Web应用程序后,我遇到了拒绝访问的问题.我尝试了以下选项,
I am downloading content from blob and storing it in the local folder of the user browsing my application. Everything is working fine without any issues locally but after deploying to App Service Web Application, I am getting access denied issue. I have tried the following options,
选项1:
string pathString = @"D:\Test";
System.IO.Directory.CreateDirectory(pathString);
在部署到应用程序服务Web应用程序后尝试创建目录时,出现访问被拒绝的问题.
I get access denied issue when trying to create the directory after deploying to app service web app.
选项2:
Environment.GetFolderPath(Environment.SpecialFolder.Desktop)
在本地执行时,它为我提供了路径F:\Users\xxxx\Desktop\TestEncrypt - Copy.txt,在部署后它不会检索任何路径.
When executing locally, it gives me the the path F:\Users\xxxx\Desktop\TestEncrypt - Copy.txt where as after deploying it does not retrieve any path.
选项3:
System.IO.Path.GetTempPath()
在本地执行时,它给我以下路径F:\Users\xxxxx\AppData\Local\Temp\TestEncrypt.txt;而在部署到应用程序服务Web应用程序后,它给我以下路径D:\local\Temp\TestEncrypt.txt
我尝试使用GetTempPath创建目录,但未创建任何文件夹
When executing locally, it gives me the following path F:\Users\xxxxx\AppData\Local\Temp\TestEncrypt.txt whereas after deploying to app service web app it give me the following path D:\local\Temp\TestEncrypt.txt
I tried creating a directory using GetTempPath but it does not create any folder
请求您提供宝贵的意见来解决此问题
Request your valuable inputs in resolving this issue
推荐答案
选项1:字符串pathString = @"D:\ Test";
Option 1: string pathString = @"D:\Test";
原因是应用程序代码使用此标识对操作系统驱动器(D:\驱动器)进行基本只读访问.
The reason is that application code uses this identity for basic read-only access to the operating system drive (the D:\ drive).
选项2:Environment.GetFolderPath(Environment.SpecialFolder.Desktop)
Option 2: Environment.GetFolderPath(Environment.SpecialFolder.Desktop)
桌面文件夹格式为'%systemdrive%\ users \%username%\ Desktop'.根据Kudu Environment页面,我们可以发现systemdrive变量值为'D:'.用户名变量值为"RD0003FF2AE3CC $".由于Azure Web App在称为沙箱的安全环境中运行,因此用户"RD0003FF2AE3CC $"是不存在的虚拟用户.为了证明这一点,我们可以从Kudu调试控制台窗口中找到所有用户名.这是我在Kudu中找到的用户.
The desktop folder format is '%systemdrive%\users\%username%\Desktop'. According to Kudu Environment page, we can find that the systemdrive variable value is 'D:'. The username variable value is 'RD0003FF2AE3CC$'. Since Azure Web App runs in a secure environment called a sandbox, the user 'RD0003FF2AE3CC$' is a virtual user which doesn't not exist. To prove it, we can find all the user names from Kudu Debug Console Window. Here are the users I found in Kudu.
D:\Users>dir
Directory of D:\Users
04/01/2017 11:36 PM <DIR> .NET v2.0
04/01/2017 11:36 PM <DIR> .NET v2.0 Classic
04/01/2017 11:36 PM <DIR> Classic .NET AppPool
06/01/2017 07:32 AM <DIR> OnStartAdmin
06/01/2017 07:27 AM <DIR> Public
06/01/2017 07:48 AM <DIR> SiteStorageAdmin
选项3:System.IO.Path.GetTempPath()
Option 3: System.IO.Path.GetTempPath()
每个Azure Web App都有一个临时的本地目录(D:\ local).当运行不再在VM上运行时,该文件夹中的内容将被删除.该目录是存储应用程序临时数据的地方.不建议您的Web应用程序使用此文件夹.
Every Azure Web App has a local directory(D:\local) which is temporary. The content in this folder will be deleted when the run is no longer running on the VM. This directory is a place to store temporary data for the application. It is not recommended to use this folder by your web application.
参考资料: Azure Web App沙箱
我们建议您在Web应用程序文件夹的根目录(D:\ home \ site \ wwwroot)中创建一个临时文件夹,并使用它来存储临时数据.
We suggest you create a temp folder at the root of your web application folder(D:\home\site\wwwroot) and use it to store the temp data.
string tempFolder = Server.MapPath("~/TEMP");
if (!Directory.Exists(tempFolder))
{
Directory.CreateDirectory(tempFolder);
}
我的要求是将Blob内容下载到用户计算机中
my requirement is to download the blob content into the users machine
有两种方法可以实现您的要求.
There are 2 ways to implement your requirement.
首先,您可以获取blob内容并将其保存到内存流中.之后,您可以使用以下代码将该数据传输到客户端.
First, you could get blob content and save it to a memory stream. After that, you could transfer this data to client using following code.
public ActionResult Download()
{
string blobName = "abc.png";
string containerName = "mycontainer";
string connectionString = "";
// Retrieve storage account from connection string.
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(connectionString);
// Create the blob client.
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
// Retrieve reference to a previously created container.
CloudBlobContainer container = blobClient.GetContainerReference(containerName);
// Retrieve reference to a blob named "photo1.jpg".
CloudBlockBlob blockBlob = container.GetBlockBlobReference(blobName);
MemoryStream ms = new MemoryStream();
// Save blob contents to a file.
blockBlob.DownloadToStream(ms);
ms.Position = 0;
return File(ms, "application/octet-stream", blobName);
}
如果Blob很大,则可以使用SAS生成URL并重定向到该URL.客户端将直接从Blob服务器下载文件.
If the blob size is very large, you could generate a URL with SAS and redirect to the URL. The client will download the file directly from the blob server.
public ActionResult Download()
{
string blobName = "abc.png";
string containerName = "mycontainer";
string connectionString = "";
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(connectionString);
var sasConstraints = new SharedAccessBlobPolicy();
sasConstraints.SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-5);
sasConstraints.SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(10);
sasConstraints.Permissions = SharedAccessBlobPermissions.Read;
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference(containerName);
CloudBlockBlob blockBlob = container.GetBlockBlobReference(blobName);
var sasBlobToken = blockBlob.GetSharedAccessSignature(sasConstraints);
var sasUrl = blockBlob.Uri + sasBlobToken;
return Redirect(sasUrl);
}
这篇关于部署到azure网站后,对路径的访问被拒绝(发生类型为'System.UnauthorizedAccessException'的异常)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
