Web App need permission to post files to a virtual directory

[TPS]

I have a virtual directory where all posted files are stored.

The ASP app does not have rights to the share on the other server where the
vir dir resides.

What is the best way to give the asp app the rights to post files to the vir
dir.

Thanks

TPS.

 

[Peter Morris [Droopy Eyes Software]]

The only way to give permissions is to alter the security settings on the
folder to allow the ASPNET_WP user full access to it.

If you cannot do this, then you will have to consider storing the files
inside your database.


--
Pete
=============
http://www.DroopyEyes.com - Delphi source code
Audio compression components, Fast Strings, DIB Controls

Read or write article on just about anything
http://www.HowToDoThings.com

 

[TPS]

Hey Pete, thanks for your reply.

The server where I am saving the files is NOT the server running IIS. The
servers are not in a domain either.

So how can I give the folder one one machine ASPNET_WP rights from another
machine?

-- Thanks again for your help.

TPS

 

[Felix Wu [MSFT]]

Hi TPS,

Since your servers are not in a domain, you have to use local accounts.

If you disabled "Allow Anonymous", this workaround can work:

1. Create an identical local account on both machine, with the same
username and password.
2. You can impersonation this local account for all the requests of an
ASP.NET application. To do this, add the following line in the web.config
of the web appliation:

<identity impersonate="true" userName="accountname" password="password" />

For more informaiton, please check:

306158 INFO: Implementing Impersonation in an ASP.NET Application
http://support.microsoft.com/?id=306158

If you need to allow Anonymous access to the virtual directory, try this
method:

1. Create an identical local account on both machine, with the same
username and password.
2. Disable "Allow IIS to control password" option in the Authentication
Method dialog box of the ASP.NET web application.
3. Replace the default user name "IUSR_MachineName" with the local account
your created

Regards,

Felix Wu
=============
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------

 

[TPS]

Felix, thanks for your post.

I am having trouble saving a file to the folder on the other server. The
user of the asp.net web site locates a file on his computer with the <input
type = file> button. Then in the button click of the "upload file" button I
am doing this:

string fileName =
System.IO.Path.GetFileName(filUploaded.PostedFile.FileName);
string SaveLocation = "path to folder on other server\" + fileName;

filUploaded.PostedFile.SaveAs(SaveLocation);


So I need Anonymous access to save files to the other server.

I don't think this method of saving a file has anything to do with a Virtual
Directory and it's permissions does it?

Thanks.

TPS

 

[Dilip Krishnan]

TPS,
By default there is no write access to the ASP.net account under
the inetpub directory. Anything outside of it you should easily be able
to save the file. Hope that helps

 

[TPS]

Phillip, thanks for your comments.
inetpub directory.
Can I change the default so the asp.net account can write to the folder?
that helps
So this suggests using impersonation to be "anything outside".

I am still unclear on how to get the aspnet user rights to upload files to a
folder on the other server.

Thanks again.

-- TPS

 

[Felix Wu [MSFT]]

Hi TPS,

"string SaveLocation = "path to folder on other server\" + fileName;"

"SaveLocation" is path to a shared foder, right?

Actually, when you enable "Allow Anonymouse" access, the requests are
processed under the security context of the account IUSER_machinename.
However, IUSER_machinename is a local account and you cannnot grant write
permission to a folder on mahince B to a local account in machine A, unless
you grant Everyone write permission, but this is NOT recommended because,
by doing so, everyboy can change the files in the shared folder.

To workaround this problem, you can use the method #2 I mentioned in my
previous post:

------------------------------------------
If you enabled "Anonymous access" option for the web application, you can
use this method:

1. Create an identical local account on both machines, with the same
username and password.
2. Disable "Allow IIS to control password" option in the Authentication
Method dialog box of the ASP.NET web application.
3. Replace the default user name "IUSR_MachineName" with the local account
your created
The above step tells IIS to use this specific account to process the
request instead of the default anonymous account: IUSER_machinename
---------------------------------------------

Regards,

Felix Wu
=============
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------

From: "TPS" <[email protected]>
References: <[email protected]>

<#[email protected]>
<[email protected]>
<[email protected]>

 

[TPS]

Felix, your suggestion in method # 2 worked!

Thank you very much for your help and your great suggestions.

TPS

 

[Felix Wu [MSFT]]

It's great to hear it works!

FYI: You can use the Token Dump component from the MSDN magazine article to
check the token dump information in detail. It can give a clear view of how
ASP.NET security model works :

ASP .NET Security Issues (by Keith Brown)
http://msdn.microsoft.com/msdnmag/issues/01/11/security/default.aspx

Have a nice day.

Felix Wu
=============
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------

From: "TPS" <[email protected]>
References: <[email protected]>

<#[email protected]>
<[email protected]>
<[email protected]>
<ueB1Z2#[email protected]>
<u#AOG9#[email protected]>