Server.MapPath() works differently on IIS 6.0 compared to IIS 5.0

Elie Grouchko · Jan 1, 2005

Hi

I am running exactly the same ASP code on IIS 5.0 and IIS 6.0

I am calling Server.MapPath(), the parameter is a virtual path that includes
a reference to a parent path ("Root/Files/../Config/"). 'Config' is a
virtual directory under 'Root' which is also a virtual directory. 'Files' is
a normal folder.

Under IIS 5.0, the path is correctly mapped to the local path of the
'Config' virtual directory.

Under IIS 6.0, the path gets mapped to "C:\WebSite\Root\Files\..\Config",
ignoring the 'Config' virtual directory mapping.

Is there a special setting I should be aware of in IIS 6.0 to ensure correct
mapping of virtual paths?

Many thanks

Elie Grouchko

Evertjan. · Jan 1, 2005

Elie Grouchko wrote on 01 jan 2005 in
microsoft.public.inetserver.asp.general:

I am calling Server.MapPath(), the parameter is a virtual path that
includes a reference to a parent path ("Root/Files/../Config/").
'Config' is a

Server.MapPath("Root/Files/../Config/")

Try:

Server.MapPath("/Root/Files/../Config/")

Jeff Cochran · Jan 2, 2005

Hi

I am running exactly the same ASP code on IIS 5.0 and IIS 6.0

I am calling Server.MapPath(), the parameter is a virtual path that includes
a reference to a parent path ("Root/Files/../Config/"). 'Config' is a
virtual directory under 'Root' which is also a virtual directory. 'Files' is
a normal folder.

Under IIS 5.0, the path is correctly mapped to the local path of the
'Config' virtual directory.

Under IIS 6.0, the path gets mapped to "C:\WebSite\Root\Files\..\Config",
ignoring the 'Config' virtual directory mapping.

Is there a special setting I should be aware of in IIS 6.0 to ensure correct
mapping of virtual paths?

Shouldn't that be Server.MapPath("/Config") ? It's a virtual folder
under the root, if you wanted to get to the folder in a url you'd use
http://{host}.{Domain}.{TLD}/Config/ so that's where the MapPath
should point.

Jeff

Elie Grouchko · Jan 3, 2005

Hi Jeff

Sorry for the typo error

I am using the following folder structure:

c:\website\root\files\foo.asp
c:\website\root\configfiles\1\foo.txt

Virtual directories:

The website in IIS is mapped to c:\website

/Root points to c:\website\root
/Root/Config points to c:\website\configfiles\1

In foo.asp there is code that tries to access foo.txt by using
Server.MapPath(/Root/Files/../Config/) to map the file folder.

In IIS 6.0 (Windows SBS 2003):
1. Server.MapPath(/Root/Files/../Config/) returns c:\website\root\config
(wrong)
2. Server.MapPath(/Root/Config/) returns
c:\website\root\configfiles\1 (correct)

In IIS 5.0 (Windows 2000) both return the same correct result (2)

I am now using option 2 so I can continue my work, but I'd like to
understand what's wrong with my original code.

The ParentPath option is set in both IIS 5 and IIS 6

Thanks for your help,

Elie Grouchko

Evertjan. · Jan 3, 2005

Elie Grouchko wrote on 03 jan 2005 in
microsoft.public.inetserver.asp.general:

In foo.asp there is code that tries to access foo.txt by using
Server.MapPath(/Root/Files/../Config/) to map the file folder.

This does not work, Elie.

Server.MapPath() needs a string argument
and /Root/Files/../Config/ will not evaluate to a string.

result = Server.MapPath("/Root/Files/../Config/")

Mark Schupp · Jan 3, 2005

Since you say you have parentpaths enabled in both versions I suspect that
it is a security change. You always know the site-relative path to the
config directory so just use "/root/config/"

Jeff Cochran · Jan 4, 2005

Hi Jeff

Sorry for the typo error

I am using the following folder structure:

c:\website\root\files\foo.asp
c:\website\root\configfiles\1\foo.txt

Virtual directories:

The website in IIS is mapped to c:\website

/Root points to c:\website\root
/Root/Config points to c:\website\configfiles\1

In foo.asp there is code that tries to access foo.txt by using
Server.MapPath(/Root/Files/../Config/) to map the file folder.

In IIS 6.0 (Windows SBS 2003):
1. Server.MapPath(/Root/Files/../Config/) returns c:\website\root\config
(wrong)

Well, that's exactly where it should go. From the website it goes to
root, then down to files, then back up to root, then down to config.

2. Server.MapPath(/Root/Config/) returns
c:\website\root\configfiles\1 (correct)

That's where it should go as well, to the virtual folder.

Your issue is traversing files, which has changed. You can't traverse
down then back up then into a virtual folder as before. And there was
a file traversal security fix for w2K that should have prevented this
in IIS5, as would using the IIS Lockdown Tool.

Jeff

Elie Grouchko · Jan 4, 2005

I didn't think about security issues, it does make sense now.

Thanks for your help

Elie Grouchko

Server.MapPath	2	Nov 20, 2009
Problems with IIS 6.0	0	Nov 14, 2006
Classic asp and IIS 6.0	2	Feb 27, 2007
Install of IIS 6.0 Renders Web Site Unusable	1	Mar 30, 2006
Server.MapPath - Parent Paths Disabled - Windows 2003 IIS 6 - WorkAround	23	Aug 26, 2004
Classic ASP and IIS 6.0	2	Jan 31, 2007
IIS 7.0 Scripting.FileSystemObject	2	Mar 1, 2010
IIS(5.0) asp pages not work correctly on IIS(6.0)	2	Feb 16, 2005

Server.MapPath() works differently on IIS 6.0 compared to IIS 5.0

Elie Grouchko

Evertjan.

Jeff Cochran

Elie Grouchko

Evertjan.

Mark Schupp

Jeff Cochran

Elie Grouchko

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads