IAttachmentFile error

Discussions related to SoftPro Select Server development.

Moderator: Phil Barton

Post Reply
MattW
Posts: 46
Joined: Tue May 26, 2015 5:17 pm

IAttachmentFile error

Post by MattW » Wed Jul 18, 2018 3:37 pm

We are trying to read an attachment during the ordersaving event on the ServerPackge, but receive a security exception every time we call GetStream() on the IAttachmentFile.

Are there any special dll's or handling needed to get the stream on the server side (the same method works fine on the client side)?

Exception:
System.Security.SecurityException: Insufficient permissions to view this file attachment.

MattW
Posts: 46
Joined: Tue May 26, 2015 5:17 pm

Re: IAttachmentFile error

Post by MattW » Thu Jul 19, 2018 12:26 pm

Some additional information:

I was able to get the stream directly from the IBlobStore service, but this only works for preexisting attachment (this also bypasses the ThrowIfCannotViewFiles check and whatever consequences that includes).

After decompiling AttachmentFile.GetStream(), it looks like the error is manually thrown by a SoftPro permission check (ThrowIfCannotViewFiles()):

The following methods are from the AttachmentFile class in SoftPro.OrderTracking.Client.dll.

GetStream:

Code: Select all

public Stream GetStream()
    {
      this.ThrowIfCannotViewFiles(); // this throws the error
      return this.Blob.GetStream();
    }
ThrowIfCannotViewFiles:

Code: Select all

private void ThrowIfCannotViewFiles()
    {
      if (!this.ShouldIgnoreConstraints && this.Parent != null && !this.Site.GetService<IAttachmentsProvider>().GetActionController().CanViewFiles(this.Parent))
        throw new SecurityException(Resources.AttachmentsViewFileSecurityError);
    }

mhoutz
Posts: 14
Joined: Wed Dec 14, 2016 5:22 pm

Re: IAttachmentFile error

Post by mhoutz » Thu Jul 19, 2018 12:54 pm

Hi Matt,

The credentials that you're using to connect may not have the correct permission to 'view' for all attachments (or in that folder if it has custom security). You can turn those permissions on in SPAdmin for that user, which is what I would recommend.

Let me know if you have further trouble.

Mike

MattW
Posts: 46
Joined: Tue May 26, 2015 5:17 pm

Re: IAttachmentFile error

Post by MattW » Thu Jul 19, 2018 1:07 pm

Not sure that's it. As I said, the code works fine when running from a shell package, but fails when running from the server package. I have permissions in SPAdmin set up correctly, otherwise I wouldn't be able to see or do anything with attachments through the UI, which I can.

mhoutz
Posts: 14
Joined: Wed Dec 14, 2016 5:22 pm

Re: IAttachmentFile error

Post by mhoutz » Thu Jul 19, 2018 2:48 pm

Hmm, something may not be working right here. I'll look into this further and get back with you.

Mike

MattW
Posts: 46
Joined: Tue May 26, 2015 5:17 pm

Re: IAttachmentFile error

Post by MattW » Thu Jul 19, 2018 3:05 pm

It's worth noting that this code used to work, but stopped within the last month or so. We aren’t exactly sure when the error started happening, but it shows in our error logs going back to the middle of June.

The code in question didn't change -- it just started getting this security error. The only system change we’ve had in the last couple of months was upgrading to SQL Server 2016. However, we aren’t seeing errors in the SQL logs, and I’m not sure why, if it was actually a SQL error, that it would work from a shell package, but not server package.

Hopefully you guys can find something.

mhoutz
Posts: 14
Joined: Wed Dec 14, 2016 5:22 pm

Re: IAttachmentFile error

Post by mhoutz » Tue Jul 24, 2018 4:12 pm

Hi Matt,

Sorry about this one. After examining this, it does look like it's a bug with Server Packages. When I attempt to get an attachment stream with a server package, it seems to always give me 'access is denied', like you are receiving. I'm urgently looking into this to see if I can find a workaround.

Mike

mhoutz
Posts: 14
Joined: Wed Dec 14, 2016 5:22 pm

Re: IAttachmentFile error

Post by mhoutz » Wed Jul 25, 2018 1:10 pm

I unfortunately haven't found a workaround for the server package to avoid that permission check, which is where this bug currently exists. Would you be interested in converting this to a shell package? I've noticed that the permission check for attachment stream works fine there. It would consume a license, but it's worth thinking about if you need an urgent replacement.

Again, apologies for this issue.

Mike

Post Reply