I have a complex problem that needs a lot of background explanation before I can ask questions,
so here goes....
Our system consists of two servers.
-WebUI server - Windows 2000 - runs asp.net pages, and handles http requests.
All requests go through this frontend public server. Business objects are then called, which
execute stored procs, etc on the WebSQL server.
-WebSQL server - Windows 2000 - SQLServer2000 database and file server.
This server is not public to the internet, but is accessable by the WebUI server.
A piece of functionality in our ASP.NET web application is to allow a user to upload
a file. We store a record in the database with information about the file, but
physically store the file on the harddrive in a special directory structure.
All files are stored on the WebSQL server, however, not the WebUI server.
I use an HtmlInputFile control to transfer the file from the user's machine to the
WebUI server.
ex:
txtFile.PostedFile.SaveAs(strFilePath & "\" & strFileName)
The file path however is a UNC path, like "\\WebSQL\path\etc"
Getting the WebUI server to be able to save a file to the WebSQL server took some work.
I got it to work by doing the following:
1. Made sure both WebUI and WebSQL had the ASPNET account.
2. Gave the ASPNET account on the WebSQL machine full rights to the subdirectory structure where we save files.
3. Gave the ASPNET account "List File Contents" rights for the root drive where the previous directory structure exists.
4. Changed the username/password of the <processmodel> section of machine.config file of the WebUI machine to "ASPNET" and the corresponding password.
Doing all of this allows us to be able to upload files through a web page interface and save those files on the backend WebSQL server.
However, for some reason the Administrator account of the WebSQL server CANNOT delete or change permission on any files or directories that were created by the ASPNET account - even though Administrator is show with FULL CONTROL on the file or directory?!?
I discovered that if you go into the file properties from file explorer, even though it does not allow the administrator to change ANY security permissions for this specific file or dir, you can go to the Advanced dialog and change the OWNER to the Administrator. For some reason the previous owner said "Unknown". Once the file or directory has been set to Administrator then you can give the correct security rights to the file and actually delete it through windows explorer.
So my question is:
-How can I give the ASPNET (on the WebSQL server) account better permissions so that when a file is written, anyone that has the correct permissions can delete/modify/etc the file OTHER than the aspnet account?
-OR is there a better way to do what I am trying to accomplish?
Thank you for reading this long message.
Brian
