Composite Control need write permisson

Discussion in 'ASP .Net Building Controls' started by manikal, Mar 28, 2007.

  1. manikal

    manikal Guest

    I've just finished building my composite control, it is image gallery
    that generates thumbnails from images in specified folder and creates
    new folder in which generated thumbnails been saved.

    For my control to operate correct in hosting environment in IIS -
    Directory Security "Integrated Windows authentication" needs to be
    checked. Is that "un-common" pre-request for control of this type?
    I am asking this because when I uploaded my web application with this
    control on site, on page with my control I get
    ASP.NET is not authorized to access the requested resource. Consider
    granting access rights to the resource to the ASP.NET request
    identity. ASP.NET has a base process identity (typically {MACHINE}
    \ASPNET on IIS 5 or Network Service on IIS 6) that is used if the
    application is not impersonating. If the application is impersonating
    via <identity impersonate="true"/>, the identity will be the anonymous
    user (typically IUSR_MACHINENAME) or the authenticated request user.
    Exception is raised when control need to create "thumbnails" folder.

    So, I've requested my hosting provider to check "Integrated Windows
    authentication" for my site, but they provided me with workaround
    instructions on how can I set "modify" permissions on parent folder of
    "thumbnails" folder. But that doesn't solve my issue because I can't
    set permissions with my FTP client.
    My question is, is there some kind of security risk for hosting
    provider to grant my site "Integrated Windows authentication", if it
    is, is there any way for my control to work without need of taking
    care pre-requests like this one.

    manikal, Mar 28, 2007
    1. Advertisements

  2. Your host is actually recommending the correct course of action in this
    case. If a control needs write access, then the permissions on the directory
    must be modified to enable that. Using Integrated authentication isn't going
    to alter that. It will still require the correct permissions used by the
    user account that is running under, the ASPNET user account or
    Network Service account (for Win 2003 boxes). Does your host provide you
    with a control panel? If so, then that is probably where you need to be
    altering permissions. Every host I've run into either has this done through
    a control panel, or has a process in place that let's you request particular
    permissions for a folder. In this case though, it sounds as if they have
    provided you with a mechanism to do this. I don't know of an FTP client
    that is able to alter the permissions on a Windows Server, though there may
    be one somewhere. Integrated Windows Authentication may cause some
    side-effects that you're not aware of. Using this method changes how the
    authentication request is sent to the client browser, typically requesting
    an NTLM response. Non-IE browsers don't use NTLM authentication and can only
    handle basic authentication responses. The side-effect is that when
    switching methods you end up with browsers that can't authenticate the
    anonymous user to view the site.
    Mark Fitzpatrick, Apr 1, 2007
    1. Advertisements

  3. manikal

    manikal Guest

    Hi Mark,

    I appreciate your answer.

    I've contacted my host, and they don't have control panel feature
    "yet", but they've set "modify" permission on whole site for ASPNET
    user, and now my control is working properly. However, they've warn me
    that this could be potential security risk, without any further
    explanation. Now I am interested what exactly security risk?

    manikal, Apr 2, 2007
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.