AI OnAI Off

Inaccurate usage of UnauthorizedAccessException

Yauheni Aliashkevich
Yauheni Aliashkevich
Vote:
 

Commerce manager checks throw System.UnauthorizedAccessException exception.

Exception is handled in Global.asax (redirect to Unauthorized.html page)

	void Application_Error(object sender, EventArgs e)
	{
		Exception ex = Server.GetLastError().GetBaseException();

		if (ex != null)
		{
			if (typeof(UnauthorizedAccessException) == ex.GetType())
			{
                Response.Redirect(String.Format("~/Apps/Shell/Pages/Unauthorized.html"));
			}
			else if (typeof(HttpException) == ex.GetType())
			{
				int errorCode = ((HttpException)ex).ErrorCode;
				if (errorCode == 500) // consider 500 a fatal exception
				{
					// Log the exception
					LogManager.GetLogger(GetType()).Fatal("Backend encountered unhandled error.", ex);
					return;
				}
			}
		}

		// Code that runs when an unhandled error occurs
		// Log the exception
		LogManager.GetLogger(GetType()).Error("Backend encountered unhandled error.", ex);

	}

    

From MSDN:

The exception that is thrown when the operating system denies access because of an I/O error or a specific type of security error.

 

Live case:

- Mediachase.Search.config

<Indexers basePath="[no accessible path]">

    

[not accessbile path] = path that current user(IIS application domain identity) can't access/read/write

- Go to Commerce Manager->Administration->System Settings->Search index

- Note the message: 

Access Denied
Your account does not have rights to access this feature of the commerce manager. Please contact your system administrator for more information. 

 

That is definetly wrong!


Commecer manager framework should use its' own custom security exception type and catch it to make redirect.

Using of system exceptions leads to total hiding of problem root and does really confuse users/developers!

 

Sorry for emotion, but I've just spent almost all day investigating the problem.

#85045
Apr 11, 2014 18:08
Yauheni Aliashkevich
Yauheni Aliashkevich
Vote:
 

To clarify:

"Commerce manager checks" stands for "Commerce manager security checks".

#85048
Apr 11, 2014 19:17
Quan Mai
Quan Mai
Vote:
 

Hi,

Thank you for your input. That's make senses. If the search configuration is not correct, then we should show more meaningful error message. I'll file a bug for this.

Regards.

/Q

#85079
Apr 14, 2014 14:36
Rajesh Jaiswal
Rajesh Jaiswal
Vote:
 

Hi,

Im creating a new module using business foundation object. It working for me to storing data, I can see the list view but when I try to check details vide its throwing me a message for permission.Your account does not have rights to access this feature of the commerce manager. Please contact your system administrator for more information.

"Your account does not have rights to access this feature of the commerce manager. Please contact your system administrator for more information."

But this is woking fine in my local system. I'm getting the message is on production server.

If anyone has any idea please let me know.

Thanks,

Rajesh

#176567
Mar 22, 2017 4:37
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.