Asp Net Core on Ubuntu - access is denied

Question

After installing library MailKit and calling new SmtpClient().ConnectAsync(_settings.Server, _settings.Port, _settings.SSL); I get this error:

Access to the path '/var/www/.dotnet/corefx/cryptography/crls' is denied.

by the way, my project is located on /media/ProjectName. i tried perform this: sudo chmod -R 755 /var but i got permission error.

here is stacktrace:

at System.IO.UnixFileSystem.CreateDirectory(String fullPath)↵ at System.IO.Directory.CreateDirectory(String path)↵ at Internal.Cryptography.Pal.CrlCache.GetCachedCrlPath(X509Certificate2 cert, Boolean mkDir)↵ at Internal.Cryptography.Pal.CrlCache.DownloadAndAddCrl(X509Certificate2 cert, SafeX509StoreHandle store, TimeSpan& remainingDownloadTime)↵ at Internal.Cryptography.Pal.CrlCache.AddCrlForCertificate(X509Certificate2 cert, SafeX509StoreHandle store, X509RevocationMode revocationMode, DateTime verificationTime, TimeSpan& remainingDownloadTime)↵ at Internal.Cryptography.Pal.OpenSslX509ChainProcessor.BuildChain(X509Certificate2 leaf, HashSet1 candidates, HashSet1 downloaded, HashSet1 systemTrusted, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan& remainingDownloadTime)↵ at Internal.Cryptography.Pal.ChainPal.BuildChain(Boolean useMachineContext, ICertificatePal cert, X509Certificate2Collection extraStore, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan timeout)↵ at System.Security.Cryptography.X509Certificates.X509Chain.Build(X509Certificate2 certificate)↵ at System.Net.Security.CertificateValidation.BuildChainAndVerifyProperties(X509Chain chain, X509Certificate2 remoteCertificate, Boolean checkCertName, String hostName)↵ at System.Net.Security.SecureChannel.VerifyRemoteCertificate(RemoteCertValidationCallback remoteCertValidationCallback)↵ at System.Net.Security.SslState.CompleteHandshake()↵ at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)↵ at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)↵ at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)↵ at System.Net.Security.SslState.ReadFrameCallback(AsyncProtocolRequest asyncRequest)↵--- End of stack trace from previous location where exception was thrown ---↵ at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()↵ at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)↵ at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)↵ at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)↵ at System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task`1 promise, Boolean requiresSynchronization)↵--- End of stack trace from previous location where exception was thrown ---↵ at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)↵ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)↵ at MailKit.Net.Smtp.SmtpClient.Connect(String host, Int32 port, SecureSocketOptions options, CancellationToken cancellationToken)↵ at MailKit.MailService.<>c__DisplayClass41_0.b__0()↵ at System.Threading.Tasks.Task.Execute()↵--- End of stack trace from previous location where exception was thrown ---↵ at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)↵ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)↵ at MyProject.Services.MessageService.d__4.MoveNext()↵--- End of stack trace from previous location where exception was thrown ---↵ at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)↵ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)↵ at MyProject.Services.MessageService.d__5.MoveNext()

Answer 1

As Lex Li posted create directory /var/www/.dotnet/corefx/cryptography/crls and give rights to www-data group (if this is the group that runs your service)

sudo chgrp www-data /var/www/.dotnet/corefx/cryptography/crls

Answer 2

I was referring this guide. In the kestrel-hellomvc.service file replaced User=www-data with User=my-root-username and it worked. Hope it helps someone.