471,831 Members | 1,034 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,831 software developers and data experts.

Server.MapPath() works differently on IIS 6.0 compared to IIS 5.0

Hi

I am running exactly the same ASP code on IIS 5.0 and IIS 6.0

I am calling Server.MapPath(), the parameter is a virtual path that includes
a reference to a parent path ("Root/Files/../Config/"). 'Config' is a
virtual directory under 'Root' which is also a virtual directory. 'Files' is
a normal folder.

Under IIS 5.0, the path is correctly mapped to the local path of the
'Config' virtual directory.

Under IIS 6.0, the path gets mapped to "C:\WebSite\Root\Files\..\Config",
ignoring the 'Config' virtual directory mapping.

Is there a special setting I should be aware of in IIS 6.0 to ensure correct
mapping of virtual paths?

Many thanks

Elie Grouchko
Jul 22 '05 #1
7 3572
Elie Grouchko wrote on 01 jan 2005 in
microsoft.public.inetserver.asp.general:
I am calling Server.MapPath(), the parameter is a virtual path that
includes a reference to a parent path ("Root/Files/../Config/").
'Config' is a

Server.MapPath("Root/Files/../Config/")

Try:

Server.MapPath("/Root/Files/../Config/")

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Jul 22 '05 #2
On Sat, 1 Jan 2005 19:02:44 +0200, "Elie Grouchko"
<eg*******@hotmail.com> wrote:
Hi

I am running exactly the same ASP code on IIS 5.0 and IIS 6.0

I am calling Server.MapPath(), the parameter is a virtual path that includes
a reference to a parent path ("Root/Files/../Config/"). 'Config' is a
virtual directory under 'Root' which is also a virtual directory. 'Files' is
a normal folder.

Under IIS 5.0, the path is correctly mapped to the local path of the
'Config' virtual directory.

Under IIS 6.0, the path gets mapped to "C:\WebSite\Root\Files\..\Config",
ignoring the 'Config' virtual directory mapping.

Is there a special setting I should be aware of in IIS 6.0 to ensure correct
mapping of virtual paths?


Shouldn't that be Server.MapPath("/Config") ? It's a virtual folder
under the root, if you wanted to get to the folder in a url you'd use
http://{host}.{Domain}.{TLD}/Config/ so that's where the MapPath
should point.

Jeff
Jul 22 '05 #3
Hi Jeff

Sorry for the typo error

I am using the following folder structure:

c:\website\root\files\foo.asp
c:\website\root\configfiles\1\foo.txt

Virtual directories:

The website in IIS is mapped to c:\website

/Root points to c:\website\root
/Root/Config points to c:\website\configfiles\1

In foo.asp there is code that tries to access foo.txt by using
Server.MapPath(/Root/Files/../Config/) to map the file folder.

In IIS 6.0 (Windows SBS 2003):
1. Server.MapPath(/Root/Files/../Config/) returns c:\website\root\config
(wrong)
2. Server.MapPath(/Root/Config/) returns
c:\website\root\configfiles\1 (correct)

In IIS 5.0 (Windows 2000) both return the same correct result (2)

I am now using option 2 so I can continue my work, but I'd like to
understand what's wrong with my original code.

The ParentPath option is set in both IIS 5 and IIS 6

Thanks for your help,

Elie Grouchko

"Jeff Cochran" <je*********@zina.com> wrote in message
news:41***************@msnews.microsoft.com...
On Sat, 1 Jan 2005 19:02:44 +0200, "Elie Grouchko"
<eg*******@hotmail.com> wrote:
Hi

I am running exactly the same ASP code on IIS 5.0 and IIS 6.0

I am calling Server.MapPath(), the parameter is a virtual path that
includes
a reference to a parent path ("Root/Files/../Config/"). 'Config' is a
virtual directory under 'Root' which is also a virtual directory. 'Files'
is
a normal folder.

Under IIS 5.0, the path is correctly mapped to the local path of the
'Config' virtual directory.

Under IIS 6.0, the path gets mapped to "C:\WebSite\Root\Files\..\Config",
ignoring the 'Config' virtual directory mapping.

Is there a special setting I should be aware of in IIS 6.0 to ensure
correct
mapping of virtual paths?


Shouldn't that be Server.MapPath("/Config") ? It's a virtual folder
under the root, if you wanted to get to the folder in a url you'd use
http://{host}.{Domain}.{TLD}/Config/ so that's where the MapPath
should point.

Jeff

Jul 22 '05 #4
Elie Grouchko wrote on 03 jan 2005 in
microsoft.public.inetserver.asp.general:
In foo.asp there is code that tries to access foo.txt by using
Server.MapPath(/Root/Files/../Config/) to map the file folder.


This does not work, Elie.

Server.MapPath() needs a string argument
and /Root/Files/../Config/ will not evaluate to a string.

result = Server.MapPath("/Root/Files/../Config/")

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Jul 22 '05 #5
Since you say you have parentpaths enabled in both versions I suspect that
it is a security change. You always know the site-relative path to the
config directory so just use "/root/config/"

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"Elie Grouchko" <eg*******@hotmail.com> wrote in message
news:em**************@TK2MSFTNGP12.phx.gbl...
Hi Jeff

Sorry for the typo error

I am using the following folder structure:

c:\website\root\files\foo.asp
c:\website\root\configfiles\1\foo.txt

Virtual directories:

The website in IIS is mapped to c:\website

/Root points to c:\website\root
/Root/Config points to c:\website\configfiles\1

In foo.asp there is code that tries to access foo.txt by using
Server.MapPath(/Root/Files/../Config/) to map the file folder.

In IIS 6.0 (Windows SBS 2003):
1. Server.MapPath(/Root/Files/../Config/) returns c:\website\root\config
(wrong)
2. Server.MapPath(/Root/Config/) returns
c:\website\root\configfiles\1 (correct)

In IIS 5.0 (Windows 2000) both return the same correct result (2)

I am now using option 2 so I can continue my work, but I'd like to
understand what's wrong with my original code.

The ParentPath option is set in both IIS 5 and IIS 6

Thanks for your help,

Elie Grouchko

"Jeff Cochran" <je*********@zina.com> wrote in message
news:41***************@msnews.microsoft.com...
On Sat, 1 Jan 2005 19:02:44 +0200, "Elie Grouchko"
<eg*******@hotmail.com> wrote:
Hi

I am running exactly the same ASP code on IIS 5.0 and IIS 6.0

I am calling Server.MapPath(), the parameter is a virtual path that
includes
a reference to a parent path ("Root/Files/../Config/"). 'Config' is a
virtual directory under 'Root' which is also a virtual directory. 'Files'is
a normal folder.

Under IIS 5.0, the path is correctly mapped to the local path of the
'Config' virtual directory.

Under IIS 6.0, the path gets mapped to "C:\WebSite\Root\Files\..\Config",ignoring the 'Config' virtual directory mapping.

Is there a special setting I should be aware of in IIS 6.0 to ensure
correct
mapping of virtual paths?


Shouldn't that be Server.MapPath("/Config") ? It's a virtual folder
under the root, if you wanted to get to the folder in a url you'd use
http://{host}.{Domain}.{TLD}/Config/ so that's where the MapPath
should point.

Jeff


Jul 22 '05 #6
On Mon, 3 Jan 2005 12:04:28 +0200, "Elie Grouchko"
<eg*******@hotmail.com> wrote:
Hi Jeff

Sorry for the typo error

I am using the following folder structure:

c:\website\root\files\foo.asp
c:\website\root\configfiles\1\foo.txt

Virtual directories:

The website in IIS is mapped to c:\website

/Root points to c:\website\root
/Root/Config points to c:\website\configfiles\1

In foo.asp there is code that tries to access foo.txt by using
Server.MapPath(/Root/Files/../Config/) to map the file folder.

In IIS 6.0 (Windows SBS 2003):
1. Server.MapPath(/Root/Files/../Config/) returns c:\website\root\config
(wrong)
Well, that's exactly where it should go. From the website it goes to
root, then down to files, then back up to root, then down to config.
2. Server.MapPath(/Root/Config/) returns
c:\website\root\configfiles\1 (correct)
That's where it should go as well, to the virtual folder.

Your issue is traversing files, which has changed. You can't traverse
down then back up then into a virtual folder as before. And there was
a file traversal security fix for w2K that should have prevented this
in IIS5, as would using the IIS Lockdown Tool.

Jeff
In IIS 5.0 (Windows 2000) both return the same correct result (2)

I am now using option 2 so I can continue my work, but I'd like to
understand what's wrong with my original code.

The ParentPath option is set in both IIS 5 and IIS 6

Thanks for your help,

Elie Grouchko

"Jeff Cochran" <je*********@zina.com> wrote in message
news:41***************@msnews.microsoft.com...
On Sat, 1 Jan 2005 19:02:44 +0200, "Elie Grouchko"
<eg*******@hotmail.com> wrote:
Hi

I am running exactly the same ASP code on IIS 5.0 and IIS 6.0

I am calling Server.MapPath(), the parameter is a virtual path that
includes
a reference to a parent path ("Root/Files/../Config/"). 'Config' is a
virtual directory under 'Root' which is also a virtual directory. 'Files'
is
a normal folder.

Under IIS 5.0, the path is correctly mapped to the local path of the
'Config' virtual directory.

Under IIS 6.0, the path gets mapped to "C:\WebSite\Root\Files\..\Config",
ignoring the 'Config' virtual directory mapping.

Is there a special setting I should be aware of in IIS 6.0 to ensure
correct
mapping of virtual paths?


Shouldn't that be Server.MapPath("/Config") ? It's a virtual folder
under the root, if you wanted to get to the folder in a url you'd use
http://{host}.{Domain}.{TLD}/Config/ so that's where the MapPath
should point.

Jeff


Jul 22 '05 #7
I didn't think about security issues, it does make sense now.

Thanks for your help

Elie Grouchko
"Jeff Cochran" <je*********@zina.com> wrote in message
news:41****************@msnews.microsoft.com...
On Mon, 3 Jan 2005 12:04:28 +0200, "Elie Grouchko"
<eg*******@hotmail.com> wrote:
Hi Jeff

Sorry for the typo error

I am using the following folder structure:

c:\website\root\files\foo.asp
c:\website\root\configfiles\1\foo.txt

Virtual directories:

The website in IIS is mapped to c:\website

/Root points to c:\website\root
/Root/Config points to c:\website\configfiles\1

In foo.asp there is code that tries to access foo.txt by using
Server.MapPath(/Root/Files/../Config/) to map the file folder.

In IIS 6.0 (Windows SBS 2003):
1. Server.MapPath(/Root/Files/../Config/) returns c:\website\root\config
(wrong)


Well, that's exactly where it should go. From the website it goes to
root, then down to files, then back up to root, then down to config.
2. Server.MapPath(/Root/Config/) returns
c:\website\root\configfiles\1 (correct)


That's where it should go as well, to the virtual folder.

Your issue is traversing files, which has changed. You can't traverse
down then back up then into a virtual folder as before. And there was
a file traversal security fix for w2K that should have prevented this
in IIS5, as would using the IIS Lockdown Tool.

Jeff
In IIS 5.0 (Windows 2000) both return the same correct result (2)

I am now using option 2 so I can continue my work, but I'd like to
understand what's wrong with my original code.

The ParentPath option is set in both IIS 5 and IIS 6

Thanks for your help,

Elie Grouchko

"Jeff Cochran" <je*********@zina.com> wrote in message
news:41***************@msnews.microsoft.com...
On Sat, 1 Jan 2005 19:02:44 +0200, "Elie Grouchko"
<eg*******@hotmail.com> wrote:

Hi

I am running exactly the same ASP code on IIS 5.0 and IIS 6.0

I am calling Server.MapPath(), the parameter is a virtual path that
includes
a reference to a parent path ("Root/Files/../Config/"). 'Config' is a
virtual directory under 'Root' which is also a virtual directory.
'Files'
is
a normal folder.

Under IIS 5.0, the path is correctly mapped to the local path of the
'Config' virtual directory.

Under IIS 6.0, the path gets mapped to
"C:\WebSite\Root\Files\..\Config",
ignoring the 'Config' virtual directory mapping.

Is there a special setting I should be aware of in IIS 6.0 to ensure
correct
mapping of virtual paths?

Shouldn't that be Server.MapPath("/Config") ? It's a virtual folder
under the root, if you wanted to get to the folder in a url you'd use
http://{host}.{Domain}.{TLD}/Config/ so that's where the MapPath
should point.

Jeff

Jul 22 '05 #8

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

3 posts views Thread by Cozmo | last post: by
7 posts views Thread by benoit | last post: by
5 posts views Thread by MichiMichi | last post: by
NeoPa
reply views Thread by NeoPa | last post: by
aboka
reply views Thread by aboka | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.