I am working on an ASP.NET MVC 3 application.
I have implemented custom Principal and Identity classes that I am using for user authentication and authorization. I am using Forms Authentication.
In all of my controllers I am using the AuthorizeAtribute
to check if the user is in one of my custom roles to restrict or grant access to features according to the user's permissions.
When I created the project I used the "ASP.NET MVC 3 Web Application" template which included default models and controllers for a user's Account.
I have added significant functionality to the project and have modified it to work the the custom Principal and Identity classes which do not utilize the built in ASPNETDB database at all.
Everything is working fine on my development machine; however, when I deploy the project to the beta web server I am experiencing an error when the user is not authenticated and they attempt to go directly to a feature.
The error message is Access to the path '...\App_Data' is denied.'
.
The Stack Trace is as follows:
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.Directory.InternalCreateDirectory(String fullPath, String path, Object dirSecurityObj, Boolean checkHost)
at System.IO.Directory.InternalCreateDirectoryHelper(String path, Boolean checkHost)
at System.IO.Directory.CreateDirectory(String path)
at System.Web.DataAccess.SqlConnectionHelper.CreateMdfFile(String fullFileName, String dataDir, String connectionString)
at System.Web.DataAccess.SqlConnectionHelper.EnsureDBFile(String connectionString)
at System.Web.DataAccess.SqlConnectionHelper.GetConnection(String connectionString, Boolean revertImpersonation)
at System.Web.Security.SqlRoleProvider.GetRolesForUser(String username)
at WebMatrix.WebData.SimpleRoleProvider.GetRolesForUser(String username)
at System.Web.Security.RolePrincipal.IsInRole(String role)
at System.Linq.Enumerable.Any[TSource](IEnumerable`1 source, Func`2 predicate)
at System.Web.Mvc.AuthorizeAttribute.AuthorizeCore(HttpContextBase httpContext)
at System.Web.Mvc.AuthorizeAttribute.OnAuthorization(AuthorizationContext filterContext)
The reason the error is occurring is because there is no App_Data folder, nor is there an ASPNETDB.MDF file because the application is supposed to be using the custom Principal class.
This error seems to occur when the AuthorizeAtribute
attempts to check permissions but the custom Principal type was not applied to the current thread because the user is no longer logged in.
For example, if the user typed the URLhttp://theWebsite/theContoller/theRestrictedFeature/
into their web browser the web server would crash when it executed the line <Authorize(Roles:=("Has007Access")>
for the theRestrictedFeature
function in my controller.
I'm really not sure how to fix this problem and would like some advice on how to proceed.