Best architecture - upload file and save on different server

[Pat Carden]

Hi,

We need to allow webusers to upload a file on our website (on Server3, all
servers run Server 2003, remotely hosted) and eventually save it on our SBS
Server (Server2) which is not exposed through our firewall. We have another
server (Server1) within the SBS domain that is exposed through port 80 of
the firewall on which we host some web services and images.

What is the best architecture for getting the file from the remotely hosted
web site (Server3) to our SBS Server (Server1). We have a 3.5mbs
connection. I had intended to use a webservice to receive a stream from the
HTMLInputControl and save that but there seem to be some security issues I
don't know how to overcome. My best alternative so far is to redirect the
upload to my Server 1 and save the file using the File1.SaveAs method. Then
use a FileSystemWatcher to move the file to Server2.

Any suggestions would be greatly appreciated. Thanks,

Pat

 

[Anon-E-Moose]

What is the best architecture for getting the file from the remotely
hosted web site (Server3) to our SBS Server (Server1). We have a
3.5mbs connection. I had intended to use a webservice to receive a
stream from the HTMLInputControl and save that but there seem to be
some security issues I don't know how to overcome. My best
alternative so far is to redirect the upload to my Server 1 and save
the file using the File1.SaveAs method. Then use a FileSystemWatcher
to move the file to Server2.

Any suggestions would be greatly appreciated. Thanks,

Why don't you have Server2 or Server1 poll Server3 occasionally to see if
there are new files?

That way there are no incoming connections.

 

[John Timney \(Microsoft MVP\)]

Accept the upload on server 1, either with upload to an aspx page or via a
webservice. Then use a windows service to FTP the file to server two (find
a secure ftp client to automate if you need to). Dont allow the ftp port
through the firewall and that way you only have port 80 open at your public
side, and its hard to hack through port 80 to another port on a different
machine if you have your machines well patched.

--
Regards

John Timney
Microsoft Regional Director
Microsoft MVP

 

[Pat Carden]

Could you elaborate on polling the remote server and then on the techniques
used to move the file?
Pat

 

[Pat Carden]

1. So use a Windows service so authentication is not a problem?? Please
confirm this is the reason for the Windows service.
2. Could the Windows service use the File.IO class to move the file from
Server1 to Server2?

 

[Pat Carden]

I was able to use the HTTPPostedFile.SaveAs method on Server1 to save the
file on Server2 with the path, "\\server2\filename", which I thought was not
allowed but it worked. So this seems like a simple and effective approach.
Any securitiy issues?

 

[John Timney \(Microsoft MVP\)]

Use the windows service so the actual stages in the process remain
disconnected and therefore less vulnerable, hence the FTP on a different
port with a different set of credentials to the asp account.

You could use the file IO class if the service was running with enough
permissions to map to the remote server. For security howver file paths are
more vulnerable. For IO, you would be more secure doing a one way read only
file pull from server 2 to server 1.

If you used asp.net to save the posted file to another server you would
likely be running the asp.net process with enough permissions on the account
to mount a share on the remote machine - if that account gets compromised
the hacker has the permissions to mount the remote server too. This is less
secure but probably as easy to implement.

--
Regards

John Timney
Microsoft Regional Director
Microsoft MVP