Understanding Server.MapPath

[laura]

I'm trying to understand fully Server.MapPath. I am writing an intranet for
a small company and want to be able to put some files accessible to all,
hyperlinked from the intranet and therefore, outside of the website area -
the idea being that I want staff to be able to copy files into folders that
can be accessed by hyperlinks on the intranet pages.

I've had a problem separating them from the intranet HTML and ASP pages,
which is obviously important as I do not want staff to be able to amend the
intranet pages themselves.

At the moment I have a structure that looks like this.

c:\inetpub\intranet where all the HTML and ASP files will be held,
i.e., the root of my "website".

the files to be copied into folders will go into subfolders and I'm sure
this is where I have gone wrong.. they should go somewhere else, but I am
not sure then how to hyperlink to files that are not within the "website".

c:\inetpub\intranet\intranetfiles

I tried putting the files in a folder "away" from the intranet HTML files...

c:\inetpub\intranetfiles - but that was one step back from the website and
I could not link to them for some reason. I do not know how to link to files
that are somewhere else on the server, e.g., c:\intranetfiles. I want staff
to "see" and access that folder, but not the intranet website.. I'm a bit
stuck on this.

Can someone explain to me why it is that Option (A) below returns
c:\inetpub\intranet and Option (B) returns
C:\WINDOWS\SYSTEM\inetsrv\iisadmin. Is it because the inetsrv folder is part
of the "website"? this has confused me.

A) Response.Write Server.Mappath("/") & "<br>"
B) Response.Write Server.Mappath("\iisadmin") & "<br>"

Thanks
Laura TD

 

[Steven Burn]

"/" is the website root
"/iisadmin" is the IIS errr "iisadmin" folder (which btw, should be disabled! (download and run IISLockdown))

IISLockdown: http://surl.co.uk/?1455

Original URL: http://www.microsoft.com/downloads/...C0-BB30-47EB-9A61-FD755D23CDEC&displaylang=en

As for your layout, if I'm understanding correctly, you have two site's;

/root
/root/intranet

and you want to be able to access the files in /root from /root/intranet?

If this is the case, you can (assuming you've allowed it in the IIS settings) use parent paths;

.../somefileintheroot.htm

Where ../ is the level. So for example, if your intranet was in;

/root/intranet/someotherfolder

you would use;

.../../somefileintheroot.htm

or quite simply;

/somefileintheroot.htm

It should be noted however, if the intranet is inside the root (/root/intranet), you'll need to move it elsewhere if your not wanting it to be accessed via the outside world, or alternatively, use NTFS permissions to stop it being accessed by unauthorised personnel.

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

 

[Mark J. McGinty]

I'm trying to understand fully Server.MapPath. I am writing an intranet
for a small company and want to be able to put some files accessible to
all, hyperlinked from the intranet and therefore, outside of the website
area - the idea being that I want staff to be able to copy files into
folders that can be accessed by hyperlinks on the intranet pages.

I've had a problem separating them from the intranet HTML and ASP pages,
which is obviously important as I do not want staff to be able to amend
the intranet pages themselves.

At the moment I have a structure that looks like this.

c:\inetpub\intranet where all the HTML and ASP files will be held,
i.e., the root of my "website".

the files to be copied into folders will go into subfolders and I'm sure
this is where I have gone wrong.. they should go somewhere else, but I am
not sure then how to hyperlink to files that are not within the "website".

c:\inetpub\intranet\intranetfiles

I tried putting the files in a folder "away" from the intranet HTML
files...

c:\inetpub\intranetfiles - but that was one step back from the website
and I could not link to them for some reason. I do not know how to link to
files that are somewhere else on the server, e.g., c:\intranetfiles. I
want staff to "see" and access that folder, but not the intranet website..
I'm a bit stuck on this.

Can someone explain to me why it is that Option (A) below returns
c:\inetpub\intranet and Option (B) returns
C:\WINDOWS\SYSTEM\inetsrv\iisadmin. Is it because the inetsrv folder is
part of the "website"? this has confused me.

A) Response.Write Server.Mappath("/") & "<br>"
B) Response.Write Server.Mappath("\iisadmin") & "<br>"

Server.MapPath turns a "virtual path" as defined within the web server, into
a physical path, that's meaningful to the server's file system. Apparently
you're using the Administration virtual server that installs with IIS?
Under it is defined a virtual directory called "\iisadmin." The location
this virtual directory actually references is determined by the properties
of the virtual directory.

So what you need to do is create a virtual directory in your web root
(actually I'd disable that default site and create another one,) call the
virtual directory "files" or whatever else, and set it's physical directory
to c:\inetpub\intranetfiles. You can then enable directory browsing for
that virtual directory, and all subdirs underneath it will inherit that
setting.

One thing that's very important: make SURE that execute and script execute
permissions are not enabled for the "files" virtual directory (i.e., any
directory in which users are allowed to create/modify files.)


Good Luck,
Mark

 

[laura]

I'm sorry if I'm not being clear.

I think what I'm trying to achieve is to access files somewhere else on the
server or computer where the website/intranet resides, or even on a
different drive within the company if that's possible.. i.e., my intranet
resides in

/root and I want to be able to hyperlink to a file or files in

c:\companyfiles\

Can that be done or am I barking up the wrong tree? I am able to access any
file from /root down to any subfolder, but nothing above /root.

I am working from home and intend to install this on a server in an office
where I don't work on a daily basis.. there is an IT man there who
presumably will set these things up for me as explained by you below, but I
need to have an understanding as to where I can put company files separate
and away from the intranet itself. I will also have a couple of database
files which I want 'hidden' away from staff. The idea is that this is on a
local personal webserver/intranet and not open to the world wide web.

Sorry if I'm being confusing.

Laura


"/" is the website root
"/iisadmin" is the IIS errr "iisadmin" folder (which btw, should be
disabled! (download and run IISLockdown))

IISLockdown: http://surl.co.uk/?1455

Original URL:
http://www.microsoft.com/downloads/...C0-BB30-47EB-9A61-FD755D23CDEC&displaylang=en

As for your layout, if I'm understanding correctly, you have two site's;

/root
/root/intranet

and you want to be able to access the files in /root from /root/intranet?

If this is the case, you can (assuming you've allowed it in the IIS
settings) use parent paths;

.../somefileintheroot.htm

Where ../ is the level. So for example, if your intranet was in;

/root/intranet/someotherfolder

you would use;

.../../somefileintheroot.htm

or quite simply;

/somefileintheroot.htm

It should be noted however, if the intranet is inside the root
(/root/intranet), you'll need to move it elsewhere if your not wanting it to
be accessed via the outside world, or alternatively, use NTFS permissions to
stop it being accessed by unauthorised personnel.

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

 

[Steven Burn]

No problem.

If your intranet is in /root and you want access to C:\companyfiles, you can either;

1. Use the FileSystemObject to access them
2. Use ../ to drill down

Note however, neither of the above will work if IUSR_<machine> does not have read permissions on them.

The latter will work if the /root folder is located on the same drive, otherwise you'll need to use the FileSystemObject (or one of the alternative's). For example;

<%
'// example.asp
Option Explicit
Dim objFSO, objFldr, objFl, iCount
Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
Set objFldr = objFSO.GetFolder("C:\companyfiles")
For Each objFl In objFldr.Files
Response.Write objFl.Name & " is located in: " & objFldr.Path & " and is " & objFl.Size & " bytes<br>"
iCount = iCount + 1
Next
Response.Write "********************************************<br>"
Response.Write iCount & " files found in " & objFldr.Path & "<br>"
Response.Write "********************************************<br>"
Set objFSO = Nothing
%>

If you want the intranet users to be able to actually use/modify/download the files, you'll additionally need to either;

1. Copy them to a temporary folder above the webroot, then delete them when they're finished with it
2. Use the Stream method to dynamically send it to them
3. Use the Content-Disposition tag to dynamically send it to them

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

 

[laura]

Dear Steven,

Thanks for your advice. I'm afraid you've lost me on the last 3 options, I'm
not sufficiently clever to be able to apply your suggestions.

At this time the "problem" I have run into is that I have more or less
written the intranet in HTML and have used ASP on just one page where I want
specified people to be able to log in to amend on aspect. This is working
fine and with the advice you gave below I can at least put the users.mdb
file somewhere inaccessible.

However, for all the "company files" (forms, handbooks etc.) I could not
figure out a way of putting them somewhere else on the server, away from the
intranet files and then to be able to hyperlink to them. I could not "see"
beyond the root. Therefore I had to stick in a folder called "companyfiles"
as a sub folder from the root - and this folder will be accessible by any
employee who is authorised to copy files into the subdirectories. I really
did not want all the intranet (HTML) files to also be visible, but could not
see a way around it. Using the FileSystemObject seems to be the solution and
I think this means turning all the HTML pages into ASP pages and
hyperlinking using the FileSystemObject. I will have to rewrite most of what
I have done.

I thought I would just explain the situation so far and thank you for your
help.
Laura TD


No problem.

If your intranet is in /root and you want access to C:\companyfiles, you can
either;

1. Use the FileSystemObject to access them
2. Use ../ to drill down

Note however, neither of the above will work if IUSR_<machine> does not have
read permissions on them.

The latter will work if the /root folder is located on the same drive,
otherwise you'll need to use the FileSystemObject (or one of the
alternative's). For example;

<%
'// example.asp
Option Explicit
Dim objFSO, objFldr, objFl, iCount
Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
Set objFldr = objFSO.GetFolder("C:\companyfiles")
For Each objFl In objFldr.Files
Response.Write objFl.Name & " is located in: " & objFldr.Path & "
and is " & objFl.Size & " bytes<br>"
iCount = iCount + 1
Next
Response.Write "********************************************<br>"
Response.Write iCount & " files found in " & objFldr.Path & "<br>"
Response.Write "********************************************<br>"
Set objFSO = Nothing
%>

If you want the intranet users to be able to actually use/modify/download
the files, you'll additionally need to either;

1. Copy them to a temporary folder above the webroot, then delete them when
they're finished with it
2. Use the Stream method to dynamically send it to them
3. Use the Content-Disposition tag to dynamically send it to them

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

 

[Bob Barrows [MVP]]

Dear Steven,

Thanks for your advice. I'm afraid you've lost me on the last 3
options, I'm not sufficiently clever to be able to apply your
suggestions.

At this time the "problem" I have run into is that I have more or less
written the intranet in HTML and have used ASP on just one page where
I want specified people to be able to log in to amend on aspect. This
is working fine and with the advice you gave below I can at least put
the users.mdb file somewhere inaccessible.

However, for all the "company files" (forms, handbooks etc.) I could
not figure out a way of putting them somewhere else on the server,
away from the intranet files and then to be able to hyperlink to
them.

If you need to hyperlink to tem, then they need to be in your site. However,
there is an alternative to hyperlinking to them: you can use an ADO Stream
object on server-side to read a file outside the web and stream to contents
to the client. I think Curt has an example of this at his DarkFalz site.

Bob Barrows

 

[Mark J. McGinty]

[I'm assuming you did not see my reply, so I'm re-posting it here, out of
it's thread context.]

Can someone explain to me why it is that Option (A) below returns
c:\inetpub\intranet and Option (B) returns
C:\WINDOWS\SYSTEM\inetsrv\iisadmin. Is it because the inetsrv folder is
part of the "website"? this has confused me.

A) Response.Write Server.Mappath("/") & "<br>"
B) Response.Write Server.Mappath("\iisadmin") & "<br>"

Server.MapPath turns a "virtual path" as defined within the web server, into
a physical path, that's meaningful to the server's file system. Apparently
you're using the Administration virtual server that installs with IIS?
Under it is defined a virtual directory called "\iisadmin." The location
this virtual directory actually references is determined by the properties
of the virtual directory.

So what you need to do is create a virtual directory in your web root
(actually I'd disable that default site and create another one,) call the
virtual directory "files" or whatever else, and set it's physical directory
to c:\inetpub\intranetfiles. You can then enable directory browsing for
that virtual directory, and all subdirs underneath it will inherit that
setting.

One thing that's very important: make SURE that execute and script execute
permissions are not enabled for the "files" virtual directory (i.e., any
directory in which users are allowed to create/modify files.)


Good Luck,
Mark