Web App need permission to post files to a virtual directory

The only way to give permissions is to alter the security settings on the
folder to allow the ASPNET_WP user full access to it.

If you cannot do this, then you will have to consider storing the files
inside your database.
--
Pete
=============
http://www.DroopyEyes.com - Delphi source code
Audio compression components, Fast Strings, DIB Controls

Read or write article on just about anything
http://www.HowToDoThings.com


"TPS" <tp*@tps.com> wrote in message
news:ed******** ******@tk2msftn gp13.phx.gbl...

I have a virtual directory where all posted files are stored.

The ASP app does not have rights to the share on the other server where the vir dir resides.

What is the best way to give the asp app the rights to post files to the vir dir.

Thanks

TPS.

Hey Pete, thanks for your reply.

The server where I am saving the files is NOT the server running IIS. The
servers are not in a domain either.

So how can I give the folder one one machine ASPNET_WP rights from another
machine?

-- Thanks again for your help.

TPS

Hi TPS,

Since your servers are not in a domain, you have to use local accounts.

If you disabled "Allow Anonymous", this workaround can work:

1. Create an identical local account on both machine, with the same
username and password.
2. You can impersonation this local account for all the requests of an
ASP.NET application. To do this, add the following line in the web.config
of the web appliation:

<identity impersonate="tr ue" userName="accou ntname" password="passw ord" />

For more informaiton, please check:

306158 INFO: Implementing Impersonation in an ASP.NET Application
http://support.microsoft.com/?id=306158

If you need to allow Anonymous access to the virtual directory, try this
method:

1. Create an identical local account on both machine, with the same
username and password.
2. Disable "Allow IIS to control password" option in the Authentication
Method dialog box of the ASP.NET web application.
3. Replace the default user name "IUSR_MachineNa me" with the local account
your created

Regards,

Felix Wu
=============
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------

From: "TPS" <tp*@tps.com>
References: <ed************ **@tk2msftngp13 .phx.gbl> <#r************ **@TK2MSFTNGP11 .phx.gbl>Subject: Re: Web App need permission to post files to a virtual directory
Date: Sat, 7 Feb 2004 14:52:28 -0600
Lines: 13
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <On************ **@TK2MSFTNGP12 .phx.gbl>
Newsgroups: microsoft.publi c.dotnet.framew ork.aspnet
NNTP-Posting-Host: h-66-134-6-74.dllatx37.cov ad.net 66.134.6.74
Path: cpmsftngxa07.ph x.gbl!cpmsftngx a06.phx.gbl!cpm sftngxa10.phx.g bl!TK2MSFTNGXA0 5
.phx.gbl!TK2MSF TNGP08.phx.gbl! TK2MSFTNGP12.ph x.gblXref: cpmsftngxa07.ph x.gbl microsoft.publi c.dotnet.framew ork.aspnet:2083 35
X-Tomcat-NG: microsoft.publi c.dotnet.framew ork.aspnet

Hey Pete, thanks for your reply.

The server where I am saving the files is NOT the server running IIS. The
servers are not in a domain either.

So how can I give the folder one one machine ASPNET_WP rights from another
machine?

-- Thanks again for your help.

TPS

Felix, thanks for your post.

I am having trouble saving a file to the folder on the other server. The
user of the asp.net web site locates a file on his computer with the <input
type = file> button. Then in the button click of the "upload file" button I
am doing this:

string fileName =
System.IO.Path. GetFileName(fil Uploaded.Posted File.FileName);
string SaveLocation = "path to folder on other server\" + fileName;

filUploaded.Pos tedFile.SaveAs( SaveLocation);
So I need Anonymous access to save files to the other server.

I don't think this method of saving a file has anything to do with a Virtual
Directory and it's permissions does it?

Thanks.

TPS

TPS,
By default there is no write access to the ASP.net account under
the inetpub directory. Anything outside of it you should easily be able
to save the file. Hope that helps

TPS wrote:

Felix, thanks for your post.

I am having trouble saving a file to the folder on the other server. The
user of the asp.net web site locates a file on his computer with the <input
type = file> button. Then in the button click of the "upload file" button I
am doing this:

string fileName =
System.IO.Path. GetFileName(fil Uploaded.Posted File.FileName);
string SaveLocation = "path to folder on other server\" + fileName;

filUploaded.Pos tedFile.SaveAs( SaveLocation);
So I need Anonymous access to save files to the other server.

I don't think this method of saving a file has anything to do with a Virtual
Directory and it's permissions does it?

Thanks.

TPS

Phillip, thanks for your comments.

By default there is no write access to the ASP.net account under the inetpub directory.
Can I change the default so the asp.net account can write to the folder?
Anything outside of it you should easily be able to save the file. Hope

that helps
So this suggests using impersonation to be "anything outside".

I am still unclear on how to get the aspnet user rights to upload files to a
folder on the other server.

Thanks again.

-- TPS

Hi TPS,

"string SaveLocation = "path to folder on other server\" + fileName;"

"SaveLocati on" is path to a shared foder, right?

Actually, when you enable "Allow Anonymouse" access, the requests are
processed under the security context of the account IUSER_machinena me.
However, IUSER_machinena me is a local account and you cannnot grant write
permission to a folder on mahince B to a local account in machine A, unless
you grant Everyone write permission, but this is NOT recommended because,
by doing so, everyboy can change the files in the shared folder.

To workaround this problem, you can use the method #2 I mentioned in my
previous post:

------------------------------------------
If you enabled "Anonymous access" option for the web application, you can
use this method:

1. Create an identical local account on both machines, with the same
username and password.
2. Disable "Allow IIS to control password" option in the Authentication
Method dialog box of the ASP.NET web application.
3. Replace the default user name "IUSR_MachineNa me" with the local account
your created
The above step tells IIS to use this specific account to process the
request instead of the default anonymous account: IUSER_machinena me
---------------------------------------------

Regards,

Felix Wu
=============
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------

From: "TPS" <tp*@tps.com>
References: <ed************ **@tk2msftngp13 .phx.gbl> <#r************ **@TK2MSFTNGP11 .phx.gbl>
<On************ **@TK2MSFTNGP12 .phx.gbl>
<ln************ **@cpmsftngxa07 .phx.gbl>
<ue************ **@TK2MSFTNGP11 .phx.gbl>
<u#************ **@TK2MSFTNGP09 .phx.gbl>Subject: Re: Web App need permission to post files to a virtual directory
Date: Tue, 10 Feb 2004 11:34:48 -0600
Lines: 18
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <eg************ **@TK2MSFTNGP10 .phx.gbl>
Newsgroups: microsoft.publi c.dotnet.framew ork.aspnet
NNTP-Posting-Host: h-66-134-6-74.dllatx37.cov ad.net 66.134.6.74
Path: cpmsftngxa07.ph x.gbl!cpmsftngx a10.phx.gbl!TK2 MSFTNGXA05.phx. gbl!TK2MSFTNGP0 8
.phx.gbl!TK2MSF TNGP10.phx.gblXref: cpmsftngxa07.ph x.gbl microsoft.publi c.dotnet.framew ork.aspnet:2089 74
X-Tomcat-NG: microsoft.publi c.dotnet.framew ork.aspnet

Phillip, thanks for your comments.

By default there is no write access to the ASP.net account under theinetpub directory.
Can I change the default so the asp.net account can write to the folder?Anything outside of it you should easily be able to save the file. Hope

that helps
So this suggests using impersonation to be "anything outside".

I am still unclear on how to get the aspnet user rights to upload files to

afolder on the other server.

Thanks again.

-- TPS

Felix, your suggestion in method # 2 worked!

Thank you very much for your help and your great suggestions.

TPS

It's great to hear it works!

FYI: You can use the Token Dump component from the MSDN magazine article to
check the token dump information in detail. It can give a clear view of how
ASP.NET security model works :

ASP .NET Security Issues (by Keith Brown)
http://msdn.microsoft.com/msdnmag/is...y/default.aspx

Have a nice day.

Felix Wu
=============
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------

From: "TPS" <tp*@tps.com>
References: <ed************ **@tk2msftngp13 .phx.gbl> <#r************ **@TK2MSFTNGP11 .phx.gbl>
<On************ **@TK2MSFTNGP12 .phx.gbl>
<ln************ **@cpmsftngxa07 .phx.gbl>
<ue************ **@TK2MSFTNGP11 .phx.gbl>
<u#************ **@TK2MSFTNGP09 .phx.gbl>
<eg************ **@TK2MSFTNGP10 .phx.gbl>
<ux************ **@cpmsftngxa07 .phx.gbl>Subject: Re: Web App need permission to post files to a virtual directory
Date: Wed, 11 Feb 2004 18:21:17 -0600
Lines: 7
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <eo************ **@TK2MSFTNGP12 .phx.gbl>
Newsgroups: microsoft.publi c.dotnet.framew ork.aspnet
NNTP-Posting-Host: h-66-134-6-74.dllatx37.cov ad.net 66.134.6.74
Path: cpmsftngxa07.ph x.gbl!cpmsftngx a06.phx.gbl!TK2 MSFTNGP08.phx.g bl!TK2MSFTNGP12 .
phx.gblXref: cpmsftngxa07.ph x.gbl microsoft.publi c.dotnet.framew ork.aspnet:2094 47
X-Tomcat-NG: microsoft.publi c.dotnet.framew ork.aspnet

Felix, your suggestion in method # 2 worked!

Thank you very much for your help and your great suggestions.

TPS