Security problem when dynamically creating directories

Discussion in 'ASP .Net Security' started by Eran Kampf, Oct 13, 2004.

  1. Eran Kampf

    Eran Kampf Guest

    I am trying to dynamically create directories in my ASP.NET application (I
    am using Server.MapPath("/")+"test" as the folder)
    and I am getting a DirectoryNotFoundException saying "Could not find a part
    of the path "D:\".
    My site is hosted on a public ISP that for obvious security reasons does not
    allow my read access above my wwwroot folder which seems to be a problem
    when trying to create directories...

    Is there any way to solve this?

    --
    Eran Kampf
    blog: http://www.ekampf.com/blog
    Sharp3D.Math: http://www.ekampf.com/Sharp3D.Math/
     
    Eran Kampf, Oct 13, 2004
    #1
    1. Advertising

  2. Eran Kampf

    Sahil Malik Guest

    Certain ISPs won't let you touch the filesystem even in the wwwroot. Your
    only option is to pretty much stick with the ISPs rules, be a good boy and
    create your directories only within wwwroot.

    Actually create them in a subdirectory within wwwroot, so that you can limit
    write access control to only that subdir (and no code lives there).

    - Sahil Malik
    You can reach me thru my blog at
    http://www.dotnetjunkies.com/weblog/sahilmalik



    "Eran Kampf" <> wrote in message
    news:%...
    > I am trying to dynamically create directories in my ASP.NET application (I
    > am using Server.MapPath("/")+"test" as the folder)
    > and I am getting a DirectoryNotFoundException saying "Could not find a

    part
    > of the path "D:\".
    > My site is hosted on a public ISP that for obvious security reasons does

    not
    > allow my read access above my wwwroot folder which seems to be a problem
    > when trying to create directories...
    >
    > Is there any way to solve this?
    >
    > --
    > Eran Kampf
    > blog: http://www.ekampf.com/blog
    > Sharp3D.Math: http://www.ekampf.com/Sharp3D.Math/
    >
    >
     
    Sahil Malik, Oct 13, 2004
    #2
    1. Advertising

  3. Eran Kampf

    Eran Kampf Guest

    The following error is when trying to create a subdirectory udner wwwroot
    which is fine with the ISP....
    It seems that the problem occurs because of ISP security above the wwwroot
    level.

    By the way,
    The ISP support guy tried creating a directory using old asp (FileSystem
    object) and had no problems...

    "Sahil Malik" <> wrote in message
    news:%...
    > Certain ISPs won't let you touch the filesystem even in the wwwroot. Your
    > only option is to pretty much stick with the ISPs rules, be a good boy and
    > create your directories only within wwwroot.
    >
    > Actually create them in a subdirectory within wwwroot, so that you can
    > limit
    > write access control to only that subdir (and no code lives there).
    >
    > - Sahil Malik
    > You can reach me thru my blog at
    > http://www.dotnetjunkies.com/weblog/sahilmalik
    >
    >
    >
    > "Eran Kampf" <> wrote in message
    > news:%...
    >> I am trying to dynamically create directories in my ASP.NET application
    >> (I
    >> am using Server.MapPath("/")+"test" as the folder)
    >> and I am getting a DirectoryNotFoundException saying "Could not find a

    > part
    >> of the path "D:\".
    >> My site is hosted on a public ISP that for obvious security reasons does

    > not
    >> allow my read access above my wwwroot folder which seems to be a problem
    >> when trying to create directories...
    >>
    >> Is there any way to solve this?
    >>
    >> --
    >> Eran Kampf
    >> blog: http://www.ekampf.com/blog
    >> Sharp3D.Math: http://www.ekampf.com/Sharp3D.Math/
    >>
    >>

    >
    >
     
    Eran Kampf, Oct 13, 2004
    #3
  4. Eran Kampf

    YK Guest

    Hi Eran,

    If you are sure that you can write to wwwroot using the old ASP approach
    (possibly through FileSystemObject), you can try enable impersonation for
    your ASP.NET application. In fact, the default ASPNET account needs to
    impersonate the client (or another account with higher access privilege on
    wwwroot) in order for the file system to honour the NTFS permission.

    Thanks,
    YK




    "Eran Kampf" wrote:

    > The following error is when trying to create a subdirectory udner wwwroot
    > which is fine with the ISP....
    > It seems that the problem occurs because of ISP security above the wwwroot
    > level.
    >
    > By the way,
    > The ISP support guy tried creating a directory using old asp (FileSystem
    > object) and had no problems...
    >
    > "Sahil Malik" <> wrote in message
    > news:%...
    > > Certain ISPs won't let you touch the filesystem even in the wwwroot. Your
    > > only option is to pretty much stick with the ISPs rules, be a good boy and
    > > create your directories only within wwwroot.
    > >
    > > Actually create them in a subdirectory within wwwroot, so that you can
    > > limit
    > > write access control to only that subdir (and no code lives there).
    > >
    > > - Sahil Malik
    > > You can reach me thru my blog at
    > > http://www.dotnetjunkies.com/weblog/sahilmalik
    > >
    > >
    > >
    > > "Eran Kampf" <> wrote in message
    > > news:%...
    > >> I am trying to dynamically create directories in my ASP.NET application
    > >> (I
    > >> am using Server.MapPath("/")+"test" as the folder)
    > >> and I am getting a DirectoryNotFoundException saying "Could not find a

    > > part
    > >> of the path "D:\".
    > >> My site is hosted on a public ISP that for obvious security reasons does

    > > not
    > >> allow my read access above my wwwroot folder which seems to be a problem
    > >> when trying to create directories...
    > >>
    > >> Is there any way to solve this?
    > >>
    > >> --
    > >> Eran Kampf
    > >> blog: http://www.ekampf.com/blog
    > >> Sharp3D.Math: http://www.ekampf.com/Sharp3D.Math/
    > >>
    > >>

    > >
    > >

    >
    >
    >
     
    YK, Oct 14, 2004
    #4
  5. Eran,

    Server.MapPath("/") will return the path to the site root, which is not
    necessarily the root folder of your application. You should have better
    luck with Server.MapPath(null). In addition, the value returned may not
    have a trailing backslash. To ensure proper path generation, use
    Path.Combine rather than simple concatenation. e.g.:
    System.IO.Path.Combine(Server.MapPath(null), "test").

    If the above still doesn't work, have you tried simply writing the output
    from Server.MapPath to an ASPX page so that you can view the value? Is the
    returned value a path on which the execution context user should have
    adequate permissions to perform the operations that you are attempting?

    HTH,
    Nicole



    "Eran Kampf" <> wrote in message
    news:%...
    >I am trying to dynamically create directories in my ASP.NET application (I
    > am using Server.MapPath("/")+"test" as the folder)
    > and I am getting a DirectoryNotFoundException saying "Could not find a
    > part
    > of the path "D:\".
    > My site is hosted on a public ISP that for obvious security reasons does
    > not
    > allow my read access above my wwwroot folder which seems to be a problem
    > when trying to create directories...
    >
    > Is there any way to solve this?
    >
    > --
    > Eran Kampf
    > blog: http://www.ekampf.com/blog
    > Sharp3D.Math: http://www.ekampf.com/Sharp3D.Math/
    >
     
    Nicole Calinoiu, Oct 14, 2004
    #5
  6. Eran Kampf

    Eran Kampf Guest

    The path I am trying to create is correct.
    I checked the knowledge base and I think the problem is due to the fact that
    D is a mapped network drive while the asp.net worker process is a local user
    that has no network access and thus cannot access the network drive.

    If that is true then
    1. How creating a directory with old ASP FileSystem object works fine?
    2. How come creating\reading\writing files in existing directories work
    fine?

    "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
    news:...
    > Eran,
    >
    > Server.MapPath("/") will return the path to the site root, which is not
    > necessarily the root folder of your application. You should have better
    > luck with Server.MapPath(null). In addition, the value returned may not
    > have a trailing backslash. To ensure proper path generation, use
    > Path.Combine rather than simple concatenation. e.g.:
    > System.IO.Path.Combine(Server.MapPath(null), "test").
    >
    > If the above still doesn't work, have you tried simply writing the output
    > from Server.MapPath to an ASPX page so that you can view the value? Is
    > the returned value a path on which the execution context user should have
    > adequate permissions to perform the operations that you are attempting?
    >
    > HTH,
    > Nicole
    >
    >
    >
    > "Eran Kampf" <> wrote in message
    > news:%...
    >>I am trying to dynamically create directories in my ASP.NET application (I
    >> am using Server.MapPath("/")+"test" as the folder)
    >> and I am getting a DirectoryNotFoundException saying "Could not find a
    >> part
    >> of the path "D:\".
    >> My site is hosted on a public ISP that for obvious security reasons does
    >> not
    >> allow my read access above my wwwroot folder which seems to be a problem
    >> when trying to create directories...
    >>
    >> Is there any way to solve this?
    >>
    >> --
    >> Eran Kampf
    >> blog: http://www.ekampf.com/blog
    >> Sharp3D.Math: http://www.ekampf.com/Sharp3D.Math/
    >>

    >
    >
     
    Eran Kampf, Oct 14, 2004
    #6
  7. "Eran Kampf" <> wrote in message
    news:...
    > The path I am trying to create is correct.
    > I checked the knowledge base and I think the problem is due to the fact
    > that D is a mapped network drive while the asp.net worker process is a
    > local user that has no network access and thus cannot access the network
    > drive.


    If it's a mapped network drive, and you're trying to create directories
    within you application folder, is your application folder running from this
    mapped drive? If not, could you please provide the directory mapping for
    your application and the target folders?

    >
    > If that is true then
    > 1. How creating a directory with old ASP FileSystem object works fine?


    For starters, it's most likely using a different user context.


    > 2. How come creating\reading\writing files in existing directories work
    > fine?


    Without more information, all I could possibly do is make some rather wild
    guesses. <g> It would really help if you could provide a relevant code
    extract, indicating the line on which the exception is thrown and the
    complete exception details.


    >
    > "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
    > news:...
    >> Eran,
    >>
    >> Server.MapPath("/") will return the path to the site root, which is not
    >> necessarily the root folder of your application. You should have better
    >> luck with Server.MapPath(null). In addition, the value returned may not
    >> have a trailing backslash. To ensure proper path generation, use
    >> Path.Combine rather than simple concatenation. e.g.:
    >> System.IO.Path.Combine(Server.MapPath(null), "test").
    >>
    >> If the above still doesn't work, have you tried simply writing the output
    >> from Server.MapPath to an ASPX page so that you can view the value? Is
    >> the returned value a path on which the execution context user should have
    >> adequate permissions to perform the operations that you are attempting?
    >>
    >> HTH,
    >> Nicole
    >>
    >>
    >>
    >> "Eran Kampf" <> wrote in message
    >> news:%...
    >>>I am trying to dynamically create directories in my ASP.NET application
    >>>(I
    >>> am using Server.MapPath("/")+"test" as the folder)
    >>> and I am getting a DirectoryNotFoundException saying "Could not find a
    >>> part
    >>> of the path "D:\".
    >>> My site is hosted on a public ISP that for obvious security reasons does
    >>> not
    >>> allow my read access above my wwwroot folder which seems to be a problem
    >>> when trying to create directories...
    >>>
    >>> Is there any way to solve this?
    >>>
    >>> --
    >>> Eran Kampf
    >>> blog: http://www.ekampf.com/blog
    >>> Sharp3D.Math: http://www.ekampf.com/Sharp3D.Math/
    >>>

    >>
    >>

    >
    >
     
    Nicole Calinoiu, Oct 15, 2004
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Joel Finkel
    Replies:
    0
    Views:
    510
    Joel Finkel
    Sep 12, 2003
  2. Jeffry van de Vuurst
    Replies:
    2
    Views:
    551
    Jeffry van de Vuurst
    Jul 30, 2003
  3. =?Utf-8?B?TGFzc2UgTmlsc3Nvbg==?=

    Multiple bin-directories with virtual directories?

    =?Utf-8?B?TGFzc2UgTmlsc3Nvbg==?=, Nov 9, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    840
    =?Utf-8?B?TGFzc2UgTmlsc3Nvbg==?=
    Nov 9, 2004
  4. Paul F
    Replies:
    4
    Views:
    651
    Mark Fitzpatrick
    Jun 25, 2008
  5. Adam Petrie
    Replies:
    8
    Views:
    333
    Adam Petrie
    Oct 11, 2004
Loading...

Share This Page