
Assigning Permission to a Shared Folder in Workflow with Scripting Code Component and C#

Updated: 29 Apr 2009 | 1 comment
rhamner | +7 (7 votes)

Overview:

This article demonstrates how to use the code scripting component to assign user permissions to a shared folder. The code scripting component allows you to create components on the fly by entering .NET code into the component editor at design time. The C# code in this example gives a user Full Control over the folder you provide; however, this can be changed. In addition, this article shows how to overcome common permissions issues when accessing files in a share from Workflow.

The Project:

To keep the example simple, we'll use a decision project. Once you are finished, though, you'll have a configured component in your toolbox that you can easily add to any type of project.

In case you're new to Workflow, Decision projects run from start to finish at one time. Therefore, they can't have workflow components such as Dialog Workflow, Wait on External Event, or Pause Workflow Execution. Also, unlike workflow projects they can output data. You can use them to compartmentalize logic shared by multiple workflows. The advantage to this approach is that the logic contained in the decision model can be maintained in one place. To use a decision model project from a workflow you simply create a component against it with the Web Service Caller generator.

Input Data:

From your Project tree on the left, select Input Data. Add the following data elements:

  • user (Text)
  • folder (Text)

Output Data:

From your Project tree on the left, select Output Data. Add the following data elements:

  • errormsg (Text), check Null Allowed
  • error (Logical true/false)
  • errorstack (Text), check Null Allowed

Creating the Model:

Now we'll build the model. In your toolbox search for script. Select Code (Script) Component. Add the script component to the model and connect the start and end. Don't worry about configuring the script component yet. We'll do that once the rest of the model is built.

Add an Exception Trigger component and a 2nd End Component. Connect the Exception Trigger to the second end component. The end result should look like this.

Next, since we have Output Data configured, our end components must be configured to provide the mapping. On the End Component coming from the script component, set error to False and the other two variables to Null.

On the End Component coming from the Exception Trigger, set error to True, errormsg to ExceptionTriggerMessage, and errorstack to ExceptionTriggerStackTrace.


 

Configuring the Scripting (Code) Component.

The scripting component takes you through a wizard to configure the following:

Input Parameters / Mapping

Define the variables that are available in your .NET code and which process data elements they map to.

Add the following (Case Sensitive):

  • folder (text)
  • user (text)

Next, click the 'edit parameter mapping' button and map the input parameters to the corresponding data elements.

Result Variable

  • The scripting component can return only one type of variable, either as a single object or as an array. If you need to return more than one type of data element, make a user-defined type that incorporates all the data elements you need to return.

Since our method is void we do not set a return type. If we did have one our code would have to return that type.

Source Code

  • The .NET code to run. This starts inside of a method, so you can't add classes or methods. You can choose C#, VB.NET, or JScript .NET.

On the Code page, change the type to C Sharp (C#). Since the code included has all of the type names fully qualified, we don't need to import any namespaces.

Paste the following into the Source Code box:

try
{
    // Fail early if the path is wrong or the executing account can't see it
    if (!System.IO.Directory.Exists(folder))
    {
        throw new System.Exception("Directory doesn't exist or can't be accessed");
    }

    // Strip off trailing backslash which is not supported
    folder = folder.TrimEnd('\\');

    System.IO.DirectoryInfo dInfo = new System.IO.DirectoryInfo(folder);

    // Read the folder's current ACL so the new rule is added to it
    System.Security.AccessControl.DirectorySecurity dSecurity = dInfo.GetAccessControl();

    // The rule applies to this folder and is inherited by subfolders and files
    const System.Security.AccessControl.InheritanceFlags inhFlags =
        System.Security.AccessControl.InheritanceFlags.ContainerInherit |
        System.Security.AccessControl.InheritanceFlags.ObjectInherit;

    // Allow rule granting the user Full Control
    System.Security.AccessControl.FileSystemAccessRule AccessRule =
        new System.Security.AccessControl.FileSystemAccessRule
        (user, System.Security.AccessControl.FileSystemRights.FullControl, inhFlags,
        System.Security.AccessControl.PropagationFlags.None,
        System.Security.AccessControl.AccessControlType.Allow);
    dSecurity.AddAccessRule(AccessRule);

    // Write the modified ACL back to the folder
    dInfo.SetAccessControl(dSecurity);
}
catch (System.Exception ex)
{
    // Wrap the original exception so the Exception Trigger reports the user and folder
    throw new System.Exception(string.Format("Error Setting Folder Permissions for {0}: {1}", user, folder), ex);
}
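
A least-privilege variant of the script above, added here as an example and not part of the original article: it grants Modify instead of Full Control, resolves the account to a SID before touching the ACL, and refuses folders outside one root. The `AllowedRoot` path and the class and method names are assumptions; in the Code (Script) component only the body of `GrantModify` would be used, with the four namespaces imported on the Code page.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class FolderAcl
{
    // Assumption: the one tree this workflow may change (constructed path).
    const string AllowedRoot = @"\\fileserver\projects\";

    public static void GrantModify(string user, string folder)
    {
        // Canonicalise first so "..\" segments cannot step outside the root.
        string full = Path.GetFullPath(folder).TrimEnd('\\');
        if (!(full + "\\").StartsWith(AllowedRoot, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("Outside allowed root: " + full);
        if (!Directory.Exists(full))
            throw new DirectoryNotFoundException(full);

        // Resolve the name to a SID before editing the ACL; an unknown or
        // mistyped account throws IdentityNotMappedException here.
        IdentityReference sid =
            new NTAccount(user).Translate(typeof(SecurityIdentifier));

        DirectoryInfo dInfo = new DirectoryInfo(full);
        DirectorySecurity dSecurity = dInfo.GetAccessControl();
        dSecurity.AddAccessRule(new FileSystemAccessRule(
            sid,
            // Modify = read, write, delete; it omits Change Permissions
            // and Take Ownership, which Full Control would include.
            FileSystemRights.Modify,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None,
            AccessControlType.Allow));
        dInfo.SetAccessControl(dSecurity);
    }

    static void Main(string[] args)
    {
        // Usage (constructed values): FolderAcl.exe DOMAIN\user \\fileserver\projects\team1
        GrantModify(args[0], args[1]);
        Console.WriteLine("Granted Modify on " + args[1] + " to " + args[0]);
    }
}
```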

Testing

  • The Test page, which is labeled Result Variable for some reason, lets you test out your method.

Enter the input parameters and click 'run test'. Check to see that the permissions were granted.
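
One way to do that check in code rather than through the folder's Security tab, added here as an example and not part of the original article: it lists every entry in the folder's ACL and reports whether an explicit Allow entry for the user carries the expected rights. The class and method names and the sample paths are assumptions.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class FolderAclCheck
{
    // True when an explicit (not inherited) Allow entry for 'user' on
    // 'folder' carries every right in 'wanted'.
    public static bool HasExplicitAllow(string folder, string user, FileSystemRights wanted)
    {
        IdentityReference sid =
            new NTAccount(user).Translate(typeof(SecurityIdentifier));
        DirectorySecurity acl =
            new DirectoryInfo(folder).GetAccessControl(AccessControlSections.Access);

        bool found = false;
        // Explicit and inherited entries, returned as SIDs so that entries for
        // deleted accounts still list instead of failing name translation.
        foreach (FileSystemAccessRule rule in
                 acl.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            Console.WriteLine("{0,-8} {1,-5} {2} {3}",
                rule.IsInherited ? "inherit" : "explicit",
                rule.AccessControlType, rule.IdentityReference.Value,
                rule.FileSystemRights);

            if (!rule.IsInherited
                && rule.AccessControlType == AccessControlType.Allow
                && rule.IdentityReference.Equals(sid)
                && (rule.FileSystemRights & wanted) == wanted)
            {
                found = true;
            }
        }
        return found;
    }

    static int Main(string[] args)
    {
        // Usage (constructed values): FolderAclCheck.exe \\fileserver\projects\team1 DOMAIN\user
        bool ok = HasExplicitAllow(args[0], args[1], FileSystemRights.FullControl);
        Console.WriteLine(ok ? "Rule present" : "Rule NOT present");
        return ok ? 0 : 1;
    }
}
```

This reads only the NTFS ACL; access over the network is also limited by the share's own permissions, which are stored separately.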

Deploying the Project - Overcoming permissions issues

When you test in the designer and in Debug mode (by default), the code is executed as your domain user. When you deploy the project, you'll probably find that you get an exception.

This happens because IIS runs the application as the local Network Service account by default. To allow this account to make the changes on the folder, we need to give it access.

To give the machine's Network Service account access, we need to open the folder in Windows Explorer and give the account the proper NTFS permissions. Network Service authenticates to other machines on the network as the computer account, which is why the computer object is what gets added. Right-click the folder and click Properties. On the Security tab, click Add and then click Object Types. Check Computers and uncheck everything else. Next, add the workflow computer name and click Check Names. In this case, to allow the account to modify other users' access, we'll give it Full Control. The same concept applies to other components that access files in a share.

After you grant the access you should be able to successfully run the deployed project.

Saving the Configured Component to Your Toolbox

In order to use your configured component in other projects you can save it to your project library. To do this right click on the configured script component in your project and click Save Component to Library. After doing this you can add it to any project from the Library tab of the Toolbox window.

Comments

billyccfs | 25 Jun 2009 | 0 votes

Question

This is good stuff. Have you done a component to report who has share or file permissions back into a workflow?