UnauthorizedAccessException while uploading excel Data to .Net control on SharePoint 2010

Question

I am facing an issue with uploading excel data to .Net control which is deployed on SharePoint 2010. The functionality is to upload the values that are in Excel sheet as comma separated to .Net Textbox Control. Before reading the data from Excel the document is saved to the server path (Server.Mappath) of the application. In my case it is the _Layouts of the SharePoint 2010 Server where all my ASPX pages are deployed. This functionality works fine on the SharePoint 2007 environment but the same functionality when deployed on SharePoint 2010 Environment is throwing an unauthorized exception. Below is the code i am using to upload the data from excel and error message. Can anyone please help me fixing this issue or any work around?

Error Message on SharePoint 2010:

Error Occured: System.UnauthorizedAccessException: Access to the path 'C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\template\\layouts\\Test\\Dev\\ABC.xlsx' is denied. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode) at System.Web.HttpPostedFile.SaveAs(String filename) at App.Test.btnFileUpload_Click(Object sender, EventArgs e)

Code Sample:

if (fileUpload.HasFile)
{
    strTarget = Server.MapPath(fileUpload.FileName);
    string[] arrCheckExtension = strTarget.Split('.');
    if (arrCheckExtension.Length >= 2)
    {
        if (arrCheckExtension[1].ToString().Equals("xls") || arrCheckExtension[1].ToString().Equals("xlsx"))
        {
            fileUpload.SaveAs(strTarget);
            strConnForExcel = String.Format(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source={0};Extended Properties=""Excel 12.0;HDR=YES;IMEX=1;""", strTarget);
            strQueryForExcel = String.Format("select id from [{0}$]", "Test");
            OleDbDataAdapter adap = new OleDbDataAdapter(strQueryForExcel, strConnForExcel);
            ds = new DataSet();
            adap.Fill(ds);
            if (ds.Tables[0].Rows.Count > 0)
            {
                for (int i = 0; i < ds.Tables[0].Rows.Count; i++)
                {
                    if (strids == "")
                    {
                        strids += ds.Tables[0].Rows[i]["id"].ToString();
                    }
                    else
                    {
                        strids += "," + ds.Tables[0].Rows[i]["id"].ToString();
                    }
                }
                txtUpload.Text = strids;

            }
        }
        else
        {
            Response.Write("<script language='javascript'>alert('Please Select File with .xls or xlsx Extension');</script>");

        }
    }
}

Answer 1

The problem is in permission. Account used for SharePoint web application has no access to SharePoint hive folder by default. And there's good reason for that. But you can use another folder. Moreover you should also generate random name of uploaded file as two different users can upload different files with the same names overwriting each other.

You can use code like this:

var tmpFolderPath = Path.Combine(Directory.GetParent(Environment.GetFolderPath(Environment.SpecialFolder.System)).FullName, "Temp");
var tmpPath = Path.Combine(tmpFolderPath, string.Format("excelImport_{0}.tmp", (Guid.NewGuid())));

It uses system temp folder (c:\\windows\\temp by default) and also generates random file name.