469,350 Members | 1,830 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,350 developers. It's quick & easy.

Server.MapPath() works differently on IIS 6.0 compared to IIS 5.0

Hi

I am running exactly the same ASP code on IIS 5.0 and IIS 6.0

I am calling Server.MapPath(), the parameter is a virtual path that includes
a reference to a parent path ("Root/Files/../Config/"). 'Config' is a
virtual directory under 'Root' which is also a virtual directory. 'Files' is
a normal folder.

Under IIS 5.0, the path is correctly mapped to the local path of the
'Config' virtual directory.

Under IIS 6.0, the path gets mapped to "C:\WebSite\Root\Files\..\Config",
ignoring the 'Config' virtual directory mapping.

Is there a special setting I should be aware of in IIS 6.0 to ensure correct
mapping of virtual paths?

Many thanks

Elie Grouchko
Jul 22 '05 #1
7 3302
Elie Grouchko wrote on 01 jan 2005 in
microsoft.public.inetserver.asp.general:
I am calling Server.MapPath(), the parameter is a virtual path that
includes a reference to a parent path ("Root/Files/../Config/").
'Config' is a

Server.MapPath("Root/Files/../Config/")

Try:

Server.MapPath("/Root/Files/../Config/")

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Jul 22 '05 #2
On Sat, 1 Jan 2005 19:02:44 +0200, "Elie Grouchko"
<eg*******@hotmail.com> wrote:
Hi

I am running exactly the same ASP code on IIS 5.0 and IIS 6.0

I am calling Server.MapPath(), the parameter is a virtual path that includes
a reference to a parent path ("Root/Files/../Config/"). 'Config' is a
virtual directory under 'Root' which is also a virtual directory. 'Files' is
a normal folder.

Under IIS 5.0, the path is correctly mapped to the local path of the
'Config' virtual directory.

Under IIS 6.0, the path gets mapped to "C:\WebSite\Root\Files\..\Config",
ignoring the 'Config' virtual directory mapping.

Is there a special setting I should be aware of in IIS 6.0 to ensure correct
mapping of virtual paths?


Shouldn't that be Server.MapPath("/Config") ? It's a virtual folder
under the root, if you wanted to get to the folder in a url you'd use
http://{host}.{Domain}.{TLD}/Config/ so that's where the MapPath
should point.

Jeff
Jul 22 '05 #3
Hi Jeff

Sorry for the typo error

I am using the following folder structure:

c:\website\root\files\foo.asp
c:\website\root\configfiles\1\foo.txt

Virtual directories:

The website in IIS is mapped to c:\website

/Root points to c:\website\root
/Root/Config points to c:\website\configfiles\1

In foo.asp there is code that tries to access foo.txt by using
Server.MapPath(/Root/Files/../Config/) to map the file folder.

In IIS 6.0 (Windows SBS 2003):
1. Server.MapPath(/Root/Files/../Config/) returns c:\website\root\config
(wrong)
2. Server.MapPath(/Root/Config/) returns
c:\website\root\configfiles\1 (correct)

In IIS 5.0 (Windows 2000) both return the same correct result (2)

I am now using option 2 so I can continue my work, but I'd like to
understand what's wrong with my original code.

The ParentPath option is set in both IIS 5 and IIS 6

Thanks for your help,

Elie Grouchko

"Jeff Cochran" <je*********@zina.com> wrote in message
news:41***************@msnews.microsoft.com...
On Sat, 1 Jan 2005 19:02:44 +0200, "Elie Grouchko"
<eg*******@hotmail.com> wrote:
Hi

I am running exactly the same ASP code on IIS 5.0 and IIS 6.0

I am calling Server.MapPath(), the parameter is a virtual path that
includes
a reference to a parent path ("Root/Files/../Config/"). 'Config' is a
virtual directory under 'Root' which is also a virtual directory. 'Files'
is
a normal folder.

Under IIS 5.0, the path is correctly mapped to the local path of the
'Config' virtual directory.

Under IIS 6.0, the path gets mapped to "C:\WebSite\Root\Files\..\Config",
ignoring the 'Config' virtual directory mapping.

Is there a special setting I should be aware of in IIS 6.0 to ensure
correct
mapping of virtual paths?


Shouldn't that be Server.MapPath("/Config") ? It's a virtual folder
under the root, if you wanted to get to the folder in a url you'd use
http://{host}.{Domain}.{TLD}/Config/ so that's where the MapPath
should point.

Jeff

Jul 22 '05 #4
Elie Grouchko wrote on 03 jan 2005 in
microsoft.public.inetserver.asp.general:
In foo.asp there is code that tries to access foo.txt by using
Server.MapPath(/Root/Files/../Config/) to map the file folder.


This does not work, Elie.

Server.MapPath() needs a string argument
and /Root/Files/../Config/ will not evaluate to a string.

result = Server.MapPath("/Root/Files/../Config/")

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Jul 22 '05 #5
Since you say you have parentpaths enabled in both versions I suspect that
it is a security change. You always know the site-relative path to the
config directory so just use "/root/config/"

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"Elie Grouchko" <eg*******@hotmail.com> wrote in message
news:em**************@TK2MSFTNGP12.phx.gbl...
Hi Jeff

Sorry for the typo error

I am using the following folder structure:

c:\website\root\files\foo.asp
c:\website\root\configfiles\1\foo.txt

Virtual directories:

The website in IIS is mapped to c:\website

/Root points to c:\website\root
/Root/Config points to c:\website\configfiles\1

In foo.asp there is code that tries to access foo.txt by using
Server.MapPath(/Root/Files/../Config/) to map the file folder.

In IIS 6.0 (Windows SBS 2003):
1. Server.MapPath(/Root/Files/../Config/) returns c:\website\root\config
(wrong)
2. Server.MapPath(/Root/Config/) returns
c:\website\root\configfiles\1 (correct)

In IIS 5.0 (Windows 2000) both return the same correct result (2)

I am now using option 2 so I can continue my work, but I'd like to
understand what's wrong with my original code.

The ParentPath option is set in both IIS 5 and IIS 6

Thanks for your help,

Elie Grouchko

"Jeff Cochran" <je*********@zina.com> wrote in message
news:41***************@msnews.microsoft.com...
On Sat, 1 Jan 2005 19:02:44 +0200, "Elie Grouchko"
<eg*******@hotmail.com> wrote:
Hi

I am running exactly the same ASP code on IIS 5.0 and IIS 6.0

I am calling Server.MapPath(), the parameter is a virtual path that
includes
a reference to a parent path ("Root/Files/../Config/"). 'Config' is a
virtual directory under 'Root' which is also a virtual directory. 'Files'is
a normal folder.

Under IIS 5.0, the path is correctly mapped to the local path of the
'Config' virtual directory.

Under IIS 6.0, the path gets mapped to "C:\WebSite\Root\Files\..\Config",ignoring the 'Config' virtual directory mapping.

Is there a special setting I should be aware of in IIS 6.0 to ensure
correct
mapping of virtual paths?


Shouldn't that be Server.MapPath("/Config") ? It's a virtual folder
under the root, if you wanted to get to the folder in a url you'd use
http://{host}.{Domain}.{TLD}/Config/ so that's where the MapPath
should point.

Jeff


Jul 22 '05 #6
On Mon, 3 Jan 2005 12:04:28 +0200, "Elie Grouchko"
<eg*******@hotmail.com> wrote:
Hi Jeff

Sorry for the typo error

I am using the following folder structure:

c:\website\root\files\foo.asp
c:\website\root\configfiles\1\foo.txt

Virtual directories:

The website in IIS is mapped to c:\website

/Root points to c:\website\root
/Root/Config points to c:\website\configfiles\1

In foo.asp there is code that tries to access foo.txt by using
Server.MapPath(/Root/Files/../Config/) to map the file folder.

In IIS 6.0 (Windows SBS 2003):
1. Server.MapPath(/Root/Files/../Config/) returns c:\website\root\config
(wrong)
Well, that's exactly where it should go. From the website it goes to
root, then down to files, then back up to root, then down to config.
2. Server.MapPath(/Root/Config/) returns
c:\website\root\configfiles\1 (correct)
That's where it should go as well, to the virtual folder.

Your issue is traversing files, which has changed. You can't traverse
down then back up then into a virtual folder as before. And there was
a file traversal security fix for w2K that should have prevented this
in IIS5, as would using the IIS Lockdown Tool.

Jeff
In IIS 5.0 (Windows 2000) both return the same correct result (2)

I am now using option 2 so I can continue my work, but I'd like to
understand what's wrong with my original code.

The ParentPath option is set in both IIS 5 and IIS 6

Thanks for your help,

Elie Grouchko

"Jeff Cochran" <je*********@zina.com> wrote in message
news:41***************@msnews.microsoft.com...
On Sat, 1 Jan 2005 19:02:44 +0200, "Elie Grouchko"
<eg*******@hotmail.com> wrote:
Hi

I am running exactly the same ASP code on IIS 5.0 and IIS 6.0

I am calling Server.MapPath(), the parameter is a virtual path that
includes
a reference to a parent path ("Root/Files/../Config/"). 'Config' is a
virtual directory under 'Root' which is also a virtual directory. 'Files'
is
a normal folder.

Under IIS 5.0, the path is correctly mapped to the local path of the
'Config' virtual directory.

Under IIS 6.0, the path gets mapped to "C:\WebSite\Root\Files\..\Config",
ignoring the 'Config' virtual directory mapping.

Is there a special setting I should be aware of in IIS 6.0 to ensure
correct
mapping of virtual paths?


Shouldn't that be Server.MapPath("/Config") ? It's a virtual folder
under the root, if you wanted to get to the folder in a url you'd use
http://{host}.{Domain}.{TLD}/Config/ so that's where the MapPath
should point.

Jeff


Jul 22 '05 #7
I didn't think about security issues, it does make sense now.

Thanks for your help

Elie Grouchko
"Jeff Cochran" <je*********@zina.com> wrote in message
news:41****************@msnews.microsoft.com...
On Mon, 3 Jan 2005 12:04:28 +0200, "Elie Grouchko"
<eg*******@hotmail.com> wrote:
Hi Jeff

Sorry for the typo error

I am using the following folder structure:

c:\website\root\files\foo.asp
c:\website\root\configfiles\1\foo.txt

Virtual directories:

The website in IIS is mapped to c:\website

/Root points to c:\website\root
/Root/Config points to c:\website\configfiles\1

In foo.asp there is code that tries to access foo.txt by using
Server.MapPath(/Root/Files/../Config/) to map the file folder.

In IIS 6.0 (Windows SBS 2003):
1. Server.MapPath(/Root/Files/../Config/) returns c:\website\root\config
(wrong)


Well, that's exactly where it should go. From the website it goes to
root, then down to files, then back up to root, then down to config.
2. Server.MapPath(/Root/Config/) returns
c:\website\root\configfiles\1 (correct)


That's where it should go as well, to the virtual folder.

Your issue is traversing files, which has changed. You can't traverse
down then back up then into a virtual folder as before. And there was
a file traversal security fix for w2K that should have prevented this
in IIS5, as would using the IIS Lockdown Tool.

Jeff
In IIS 5.0 (Windows 2000) both return the same correct result (2)

I am now using option 2 so I can continue my work, but I'd like to
understand what's wrong with my original code.

The ParentPath option is set in both IIS 5 and IIS 6

Thanks for your help,

Elie Grouchko

"Jeff Cochran" <je*********@zina.com> wrote in message
news:41***************@msnews.microsoft.com...
On Sat, 1 Jan 2005 19:02:44 +0200, "Elie Grouchko"
<eg*******@hotmail.com> wrote:

Hi

I am running exactly the same ASP code on IIS 5.0 and IIS 6.0

I am calling Server.MapPath(), the parameter is a virtual path that
includes
a reference to a parent path ("Root/Files/../Config/"). 'Config' is a
virtual directory under 'Root' which is also a virtual directory.
'Files'
is
a normal folder.

Under IIS 5.0, the path is correctly mapped to the local path of the
'Config' virtual directory.

Under IIS 6.0, the path gets mapped to
"C:\WebSite\Root\Files\..\Config",
ignoring the 'Config' virtual directory mapping.

Is there a special setting I should be aware of in IIS 6.0 to ensure
correct
mapping of virtual paths?

Shouldn't that be Server.MapPath("/Config") ? It's a virtual folder
under the root, if you wanted to get to the folder in a url you'd use
http://{host}.{Domain}.{TLD}/Config/ so that's where the MapPath
should point.

Jeff

Jul 22 '05 #8

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

3 posts views Thread by Cozmo | last post: by
7 posts views Thread by benoit | last post: by
5 posts views Thread by MichiMichi | last post: by
1 post views Thread by CARIGAR | last post: by
reply views Thread by zhoujie | last post: by
reply views Thread by suresh191 | last post: by
1 post views Thread by Marylou17 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.