I want to use
DirectoryInfo source C:\Users\admin\Desktop\Server:
source.GetDirectories();
I got System.UnauthorizedAccessException:
'Access to the path 'C:\Users\admin\Desktop\Server' is denied.'
I have UWP application. How to get permission to read and write folders/files from my UWP application?
UWP apps were designed to be safer for users to install - by the fact they run in sandbox and do not have most permissions by default the user knows the app can't cause any damage to her PC or data. This includes access to file system - you are allowed to access several specific paths on the PC - including app install location, app data folder. You can request additional locations like libraries, etc.
For arbitrary locations you have two options:
Use the FolderPicker (see Docs). User will select the desired folder and you get a StorageFolder instance through which you can freely access it. You can even store the permission to this folder over app restarts using FutureAccessList (see Docs) which will give you a token by which you can retrieve the StorageFolder instance in the future.
Declare the broadFileSystemAccess capability. This will give you full access to the filesystem via the StorageFolder and StorageFile APIs (but not via the classic System.IO API). This permission is a restricted one however, so it will be verified during Microsoft Store certification process and your app must have a good reason for actually needing this.
Related
I am working in a SageMaker environment that is locked down. For example, my user account is prevented from creating S3 buckets. But, I can successfully run vanilla ML training jobs by passing in role=get_execution_role to an instance of the Estimator class when using an out-of-the-box algorithm such as XGBoost.
Now, I'm trying to use an algorithm (LightBGM) that is only available via the JumpStart feature in SageMaker, but I can't get it to work. When I try to retrieve an image URI via image_uris.retrieve(), it returns the following error:
ClientError: An error occurred (AccessDenied) when calling the GetObject operation: Access Denied.
This makes some sense to me if my user permissions are being used when creating an object. But what I want to do is specify another role - like the one returned from get_execution_role - to perform these tasks.
Is that possible? Is there another work-around available? How can I see which role is being used?
Thanks,
When I encountered this issue, it was a permissions issue with a bucket that had changed.
In the SageMaker Python SDK source code , there is a cache that is located at in an AWS-owned bucket: jumpstart-cache-prod-{region}. and a manifest.json that translates the ECR path for the image for you.
If you look at the stack trace, it could be erroring out at the code that is looking for the manifest.
One place to look is if there are new restrictions placed in IAM, Included here is the minimum policy you need to access JumpStart (pretrained) models
We have detected that your app contains the Request Legacy External Storage tag in the manifest file for one or more app or APK packages.
Developers who have apps on devices running Android OS 11 or later should use the Subsidiary Storage feature to give users better control over accessing the storage space available on their device. To launch your app on Android OS 11 or later after May 5, you need to perform one of the following steps:
Update your app to use privacy best practices such as Storage Access Framework or Media Store API
Update your app to announce the permission to access all files (MANAGE_EXTERNAL_STORAGE) in the manifest file, and to complete the statement of access permission to all files in the Play Console as of May 5
Completely remove the permission to access all files from your app
For apps targeting Android 11, the request Legacy External Storage tag will be ignored. You have to use the access permission to all files to retain access to external storage space.
Applications that require access to all files without permission to use will be removed from Google Play, and you will not be able to publish updates.
I want someone to help me
if your targetSdk is not 30 you can keep using that flag
android:requestLegacyExternalStorage="true"
And you don' t have to do anything.
But developers should do targetSdk = 30 in November.
I share answer which came from google:
"you can continue to use requestLegacyExternalStorage after May 5th since you are not targeting Android 11. You do not need to do anything before May 5th."
In our application targetSdk = 29 and we use requestLegacyExternalStorage. If you are in the same condition, you don' t have to do anything for now.
If in your application targetSDK = 30 you have two option:
if your application is need access all files in device, use MANAGE_EXTERNAL_STORAGE. But you should submit a form for this permission.
Or you can use Storage access framework or the MediaStore API to handle your file access features.
I have developed and published an app in Google Play Store, which only send simple String request to REST API and store the results in the Preferences. The same app is also submitted to Windows Store for publication, however it was rejected due to the following reason:
The app declares use of the sensitive capability [musicLibrary, picturesLibrary, videosLibrary] without appearing to access the declared capability. Please removed the sensitive capability declaration and re-submit the app.
Upon inspection to Google Play Store submission, I noticed the same permissions are requested:
This app has access to:Photos/Media/Filesread the contents of your USB storagemodify or delete the contents of your USB storageStorageread the contents of your USB storagemodify or delete the contents of your USB storageOtherreceive data from Internetview network connectionsfull network accessprevent device from sleeping
So my question is, do Preferences really need these permissions, or can I set some kind of build hints to remove these permission requests, especially for UWP build? I have also tried to set android.blockExternalStoragePermission build hint, but the permissions are still requested in Android build. I have yet to try iOS build since currently I don't have Apple Developer account.
Thank you very much in advance.
Edit #1 (23/10/2018):
Upon further inspection, I found that I have mistakenly uploaded the version that didn't declare android.blockExternalStoragePermission to Google Play Store, so all good on Android version.
Currently I'm not using any of cn1libs, and here's the list of all classes imported in my application:
java.util.HashMapjava.util.Mapjava.util.Randomcom.codename1.components.InfiniteProgresscom.codename1.components.ToastBarcom.codename1.components.ToastBar.Statuscom.codename1.io.CharArrayReadercom.codename1.io.JSONParsercom.codename1.io.Logcom.codename1.io.NetworkManagercom.codename1.io.Preferencescom.codename1.io.rest.Responsecom.codename1.io.rest.Restcom.codename1.l10n.L10NManagercom.codename1.ui.Buttoncom.codename1.ui.Componentcom.codename1.ui.Containercom.codename1.ui.Dialogcom.codename1.ui.FontImagecom.codename1.ui.Formcom.codename1.ui.Labelcom.codename1.ui.events.ActionEventcom.codename1.ui.events.ActionListenercom.codename1.ui.layouts.BorderLayoutcom.codename1.ui.layouts.FlowLayoutcom.codename1.ui.layouts.GridLayoutcom.codename1.ui.plaf.Bordercom.codename1.ui.plaf.Stylecom.codename1.ui.plaf.UIManagercom.codename1.ui.util.Resources
So my original question remain, how do I set the build hints to prevent the same external storage read/write permission in Windows and iOS?
See the section titled "Android Permissions" here, for a list of some API's that might trigger extra permissions. I suggest extracting the manifest from the XML and inspecting it. It should include two permissions based on your description you should have two permissions there:
android.permission.WRITE_EXTERNAL_STORAGE - which you should have been disabled when you applied android.blockExternalStoragePermission
android.permission.INTERNET - this one you actually need
I'm assuming you have a permission for media access and here it becomes a question of where it came from?
Did you use a cn1lib that might include a feature that triggers this?
Do you have a feature in the app that isn't active yet?
Once you have the specific name or results of this investigation comment here and I'll revise the answer with more details.
I have trying to overwrite or perform some file operation to the files uploaded in a webserver.
Previously I have uploaded the files from joomla extension. It defined its owner as 99. Without changing its owner it my login name i am unable to perform file operation using ftp and cpanel.
what can be done?
You could enable the FTP layer of Joomla.
It does depend a bit on how your hosting sets permissions (whether they use ACL's, etc), but the FTP layer of Joomla is designed to get around exactly this issue.
Documentation for this feature is here:
http://help.joomla.org/content/view/1941/302/1/2/
I am trying to impersonate a domain user account in a WPF application so the application can write to a folder on the network. The domain user has sufficient rights to write to this location.
I'm using some code found on the net to perform the impersonation.
Basically, it calls the native LogonUser method which returns a security token, then create a new WindowsIdentity passing the token and finally calling the windowsIdentity.Impersonate() method.
I get no exceptions executing above logic.
Calling WindowsIdentity.GetCurrent() -> returns impersonated identity.
Writing to the UNC path -> UnauthorizedAccess exception.
So, I inspect the Thread.CurrentPrincipal object before I try to write the file, this has a GenericPrincipal, and not a WindowsPrincipal with the impersonated WindowsIdentity.
So in the startup of the application I set the AppDomain.CurrentAppDomain.SetPrincipalPolicy to PrincipalPolicy.Impersonate.
I restart my application...
Before my call to impersonate, i can see my own credentials on Thread.CurrentPrincipal, the ones that i'm using to log onto my development machine and which is executing my WPF program.
I again try to run the impersonation logic, again I see the impersonated identity on WindowsIdentity.GetCurrent, all seems fine, no exceptions
However on Thread.GetCurrentPrincipal I still see my own credentials, and if I look at the AuthenticationType property, there is an UnauthorizedException (which is only visible in the debugger, it is not being thrown in the application !!). I let the code run.
Again, UnauthorizedAccess when trying to write my file on the UNC location.
Last thing I tried is to create a new WindowsPrincipal with WindowsIdentity.GetCurrent()
and I explicitly set it on Thread.Current, but same result.
UnauthorizedAccess when a write to the UNC location.
I'm out of ideas :)
Does the machine with network share belong is in the domain?
Did you try accessing network share using that domain account? For instance using "Run As...".
In LogonUser function try to use LOGON32_LOGON_NETWORK flag, when doing logon.
Also to see if impersonation actually took place try to enable auditing of Logon/Logoff events from security policy (info link)