Composite Control need write permisson

Discussion in 'ASP .Net Building Controls' started by manikal, Mar 28, 2007.

  1. manikal

    manikal Guest

    I've just finished building my composite control, it is image gallery
    that generates thumbnails from images in specified folder and creates
    new folder in which generated thumbnails been saved.

    For my control to operate correct in hosting environment in IIS -
    Directory Security "Integrated Windows authentication" needs to be
    checked. Is that "un-common" pre-request for control of this type?
    I am asking this because when I uploaded my web application with this
    control on site, on page with my control I get
    "System.UnauthorizedAccessException:"
    ASP.NET is not authorized to access the requested resource. Consider
    granting access rights to the resource to the ASP.NET request
    identity. ASP.NET has a base process identity (typically {MACHINE}
    \ASPNET on IIS 5 or Network Service on IIS 6) that is used if the
    application is not impersonating. If the application is impersonating
    via <identity impersonate="true"/>, the identity will be the anonymous
    user (typically IUSR_MACHINENAME) or the authenticated request user.
    Exception is raised when control need to create "thumbnails" folder.

    So, I've requested my hosting provider to check "Integrated Windows
    authentication" for my site, but they provided me with workaround
    instructions on how can I set "modify" permissions on parent folder of
    "thumbnails" folder. But that doesn't solve my issue because I can't
    set permissions with my FTP client.
    My question is, is there some kind of security risk for hosting
    provider to grant my site "Integrated Windows authentication", if it
    is, is there any way for my control to work without need of taking
    care pre-requests like this one.

    Thanks,
    manikal
    manikal, Mar 28, 2007
    #1
    1. Advertising

  2. Your host is actually recommending the correct course of action in this
    case. If a control needs write access, then the permissions on the directory
    must be modified to enable that. Using Integrated authentication isn't going
    to alter that. It will still require the correct permissions used by the
    user account that ASP.net is running under, the ASPNET user account or
    Network Service account (for Win 2003 boxes). Does your host provide you
    with a control panel? If so, then that is probably where you need to be
    altering permissions. Every host I've run into either has this done through
    a control panel, or has a process in place that let's you request particular
    permissions for a folder. In this case though, it sounds as if they have
    provided you with a mechanism to do this. I don't know of an FTP client
    that is able to alter the permissions on a Windows Server, though there may
    be one somewhere. Integrated Windows Authentication may cause some
    side-effects that you're not aware of. Using this method changes how the
    authentication request is sent to the client browser, typically requesting
    an NTLM response. Non-IE browsers don't use NTLM authentication and can only
    handle basic authentication responses. The side-effect is that when
    switching methods you end up with browsers that can't authenticate the
    anonymous user to view the site.

    --
    Hope this helps,
    Mark Fitzpatrick
    Former Microsoft FrontPage MVP 199?-2006


    "manikal" <> wrote in message
    news:...
    > I've just finished building my composite control, it is image gallery
    > that generates thumbnails from images in specified folder and creates
    > new folder in which generated thumbnails been saved.
    >
    > For my control to operate correct in hosting environment in IIS -
    > Directory Security "Integrated Windows authentication" needs to be
    > checked. Is that "un-common" pre-request for control of this type?
    > I am asking this because when I uploaded my web application with this
    > control on site, on page with my control I get
    > "System.UnauthorizedAccessException:"
    > ASP.NET is not authorized to access the requested resource. Consider
    > granting access rights to the resource to the ASP.NET request
    > identity. ASP.NET has a base process identity (typically {MACHINE}
    > \ASPNET on IIS 5 or Network Service on IIS 6) that is used if the
    > application is not impersonating. If the application is impersonating
    > via <identity impersonate="true"/>, the identity will be the anonymous
    > user (typically IUSR_MACHINENAME) or the authenticated request user.
    > Exception is raised when control need to create "thumbnails" folder.
    >
    > So, I've requested my hosting provider to check "Integrated Windows
    > authentication" for my site, but they provided me with workaround
    > instructions on how can I set "modify" permissions on parent folder of
    > "thumbnails" folder. But that doesn't solve my issue because I can't
    > set permissions with my FTP client.
    > My question is, is there some kind of security risk for hosting
    > provider to grant my site "Integrated Windows authentication", if it
    > is, is there any way for my control to work without need of taking
    > care pre-requests like this one.
    >
    > Thanks,
    > manikal
    >
    Mark Fitzpatrick, Apr 1, 2007
    #2
    1. Advertising

  3. manikal

    manikal Guest

    Hi Mark,

    I appreciate your answer.

    I've contacted my host, and they don't have control panel feature
    "yet", but they've set "modify" permission on whole site for ASPNET
    user, and now my control is working properly. However, they've warn me
    that this could be potential security risk, without any further
    explanation. Now I am interested what exactly security risk?

    Thanks,
    Mijo
    manikal, Apr 2, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. sleigh
    Replies:
    1
    Views:
    2,686
    sleigh
    Feb 12, 2004
  2. Johannes Hammersen

    Check for write permisson on directory

    Johannes Hammersen, Jun 29, 2005, in forum: ASP .Net
    Replies:
    6
    Views:
    484
    =?Utf-8?B?UHJha2FzaC5ORVQ=?=
    Jun 30, 2005
  3. clintonb
    Replies:
    0
    Views:
    343
    clintonb
    Feb 26, 2008
  4. Mohseniaref
    Replies:
    3
    Views:
    213
    Mohseniaref
    Aug 3, 2010
  5. Chad
    Replies:
    0
    Views:
    221
Loading...

Share This Page