Access to the path 'C:\Windows\system32\config\systemprofile' is denied when using Google.Api OAuth 2

Asked 14/7, 2017 at 12:57 Answered 27/11, 2023 at 13:30

.net model-view-controller google-api google-calendar-api

I am using Google Calendar Api with one of my project. I don't know how but Error Shown Below is troubling.

Code inside AppFlowMetadata.

public class AppFlowMetadata : FlowMetadata
{
    private static readonly IAuthorizationCodeFlow flow =
        new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer
        {
            ClientSecrets = new ClientSecrets
            {
                ClientId = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com",
                ClientSecret = "xxxxx_xxxxxxxxxxxxxxxxx"
            },
            Scopes = new[] { CalendarService.Scope.Calendar },
            DataStore = new FileDataStore("Calendar.Api.Auth.Store")
        });

    public override string GetUserId(Controller controller)
    {
        var user = controller.Session["UserID"];

        if (user == null)
        {
            user = Guid.NewGuid();
            controller.Session["UserID"] = user;
        }
        return user.ToString();

    }

    public override IAuthorizationCodeFlow Flow
    {
        get { return flow; }
    }
}

I tried below solution from GitHub but isn't working

Above solution didn't worked for me, if any have the answer please help.

Lafayette answered 14/7, 2017 at 12:57 Comment(5)

Elevate your process. If you are running it from Visual Studio, start VS as Administrator. Or just run as administrator your program. – Overripe 14/7, 2017 at 13:3

Do you have the source code for the AppFlowMetadata class that is throwing the exception? – Castled 14/7, 2017 at 13:4

Yes I'll try restarting. @VladimirArustamian and I'll add the code inside AppFlowMetadata @Castled – Lafayette 14/7, 2017 at 13:9

Have a read of domantasjovaisas.wordpress.com/2014/09/27/… – Castled 14/7, 2017 at 13:10

Ok @Castled and P.S. i've updated my code – Lafayette 14/7, 2017 at 13:32

As per https://domantasjovaisas.wordpress.com/2014/09/27/demystifying-google-api-and-oauth2/ :

From code I just provided you can see that I’m using File2DataStore. It’s overridden by me. Standard FileDataStore I changed to my own needs. Standard FileDataStore stores auth keys in “C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Drive.Api.Auth.Store”

I don’t think so that you will allow IIS_IUSRS users access this location in production environment 🙂 Think twice, don’t do that. Rewrite FileDataSource to your own needs. Here is two examples how you can do it :

https://code.google.com/p/google-api-dotnet-client/source/browse/Src/GoogleApis.DotNet4/Apis/Util/Store/FileDataStore.cs http://www.daimto.com/google-oauth2-csharp/#FileDataStore

In short, you need to stop using FileDataStore and write your own replacement (using the above links as your starting points).

Castled answered 14/7, 2017 at 13:34 Comment(0)

The problem is that by default

 new FileDataStore("Calendar.Api.Auth.Store")

stores data at path that requires special permission so instead send full path as parameter.

Instead of

    new FileDataStore("Calendar.Api.Auth.Store")

send full path to where you want to save in your file system and second parameter set to true for example

    new FileDataStore(fullpath, true);

That should work. Good luck

Confrere answered 19/7, 2017 at 11:46 Comment(3)

This is especially the case when running a windows service or Asp.net application which logs in with a service account or an appPool account. – Progestational 16/1, 2019 at 9:30

@ChrisFCarroll always good to see you out and about.. – Turbid 30/3, 2022 at 11:0

@Turbid : ah 2019, those were the days, when I got out and about! – Progestational 1/4, 2022 at 13:28

I don't think you give permission to this folder C:\Windows\system32\config\systemprofile. Try using absolute path like this image or convert a relative path to absolute (by using server map path).

Make sure you have enough permission on this folder.

Yandell answered 20/6, 2021 at 16:13 Comment(0)

Although there are some intelligent posts here, my suggestion in 2023 is just forget it. It isn't designed to work with .net framework on a hosted site. I was able to figure out one-tap which is javascript only code by copying some of the code and includes from this link https://googleonetap.developer.li/ I got the name, email and some other limited profile data in the handleCredentialResponse function at the above link like identity.email and identity.name. So much less work and doesn't have that nasty workflow business (at least it's not necessary to learn about it). Then I did what was necessary on my site to make the user actually logged in based on that info. I got rid of the funky one tap dialog when site loads by commenting out google.accounts.id.prompt(). For my purpose, the Sign in with Google button is all I want.

Very confusing as there are so many versions of everything out there.

Assibilate answered 18/10, 2023 at 4:8 Comment(0)

1)you are go to systemprofile folder (in C:\Windows\System32\config) and right click Properties> security Tab> Click Edit and give full control.
2)Later than you have to Create new folder like MyFolder in C:\Windows\System32\config\systemprofile\AppData\Roaming
3)and finally add your code 
var folder = @"C:\Windows\system32\config\systemprofile\AppData\Roaming\MyFolder";
UserCredential credential;
        string[] scopes = new[] { "https://www.googleapis.com/auth/cloud-translation" };

        using (var stream2 = new FileStream(@"client_secrets.json", FileMode.Open, FileAccess.Read))
        {
            credential = GoogleWebAuthorizationBroker.AuthorizeAsync(GoogleClientSecrets.Load(stream2).Secrets, 
                scopes, "user", CancellationToken.None,new FileDataStore(folder, true)).Result;

        };

        return credential;

Glyn answered 27/11, 2023 at 13:30 Comment(0)

-2

I don't know google api... but that folder has a specific security that permit access only to Administrators group members.

Maybe the user (used by IIS or Visual Studio) has to be member of the local machine Administrator group (\Administrator).

By the way, in Visual Studio you have to start as administrator.

Selfabuse answered 14/7, 2017 at 13:15 Comment(0)

Recommended topics

Hot tags