IIS 6.0 has additional security measures to prevent you from walking down the
tree. This is most likely the cause of your second issue. The reason is to
avoid transverse hacks, where a hacker uses your code to get to a utility,
like the command shell, that allows him to take over your machine.
You can get around this security by one of two means:
1. Reduce the security on the machine - not advised
2. Move the code that does the work on the other root into a service of some
sort that is controlled via commands from your application. This is a bit
more code intensive, but does not reduce the security on Windows Server 2003
to solve a problem.
How to achieve 2:
1. Service is an option. The interface is likely to be remoting.
2. Enterprise Services (COM+) is another option, as you can give rights to
the COM+ app that the web server does not have
NOTE: No matter how you circumvent this, you will have to be careful to
authenticate the user, as you have given them some power. Also, be extremely
careful you do not leave security holes in the app that creates and controls
new virtual roots, as you may leave a hacker back door.
---
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
***************************
Think Outside the Box!
***************************
"Stelrad Doulton" wrote:
Hi,
I am having a strange problem on IIS 6.0.
I am trying to create directories under a virtual directory on the fly to
which I will upload files and retrieve these files later. I am having 2
problems:
1. I am using the code below to create a directory:
string path = Path.GetDirectoryName(context.Request.PhysicalPath );
if(!Directory.Exists(path))
Directory.CreateDirectory(path);
When I do this I get entries in the DefaultAppPool list for each directory
AND new virtual directories with the same name!
2. I am also unable to retrieve that data from these folders. I can navigate
down to the directory which holds the data but cannot access it. For example
if I started at www.someplace.com/root/ I may have added ID/IN making
www.someplace.com/root/ID/IN using the technique listed above. With
directory listing on I can navigate right down to this folder but if I then
click on the actual file that is in this folder I get a 404 error!
Can anyone shed any light on this?
Cheers