creating directories

IIS 6.0 has additional security measures to prevent you from walking down the
tree. This is most likely the cause of your second issue. The reason is to
avoid transverse hacks, where a hacker uses your code to get to a utility,
like the command shell, that allows him to take over your machine.

You can get around this security by one of two means:

1. Reduce the security on the machine - not advised
2. Move the code that does the work on the other root into a service of some
sort that is controlled via commands from your application. This is a bit
more code intensive, but does not reduce the security on Windows Server 2003
to solve a problem.

How to achieve 2:

1. Service is an option. The interface is likely to be remoting.
2. Enterprise Services (COM+) is another option, as you can give rights to
the COM+ app that the web server does not have

NOTE: No matter how you circumvent this, you will have to be careful to
authenticate the user, as you have given them some power. Also, be extremely
careful you do not leave security holes in the app that creates and controls
new virtual roots, as you may leave a hacker back door.

---

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************

"Stelrad Doulton" wrote:

Hi,

I am having a strange problem on IIS 6.0.

I am trying to create directories under a virtual directory on the fly to
which I will upload files and retrieve these files later. I am having 2
problems:

1. I am using the code below to create a directory:

string path = Path.GetDirectoryName(context.Request.PhysicalPath );
if(!Directory.Exists(path))
Directory.CreateDirectory(path);

When I do this I get entries in the DefaultAppPool list for each directory
AND new virtual directories with the same name!

2. I am also unable to retrieve that data from these folders. I can navigate
down to the directory which holds the data but cannot access it. For example
if I started at www.someplace.com/root/ I may have added ID/IN making
www.someplace.com/root/ID/IN using the technique listed above. With
directory listing on I can navigate right down to this folder but if I then
click on the actual file that is in this folder I get a 404 error!

Can anyone shed any light on this?

Cheers

Hi,

Thanks for the response. The first issues seems to have resolved itself, I
don't understand why, I must have been doing something pretty dumb but now I
am getting vanilla directories under the correct virtual directory with no
other weird stuff going on.

I am a bit stuck on the rest of it though. I have a custom PUT handler that
creates these directories if they do not exist before writing a file to
them. Can you clarify to me why these files will not be served? Surely it
would be servable if I had FTP'ed it up?

Thanks for your time.
"Cowboy (Gregory A. Beamer) - MVP" <No************@comcast.netNoSpamM> wrote
in message news:40**********************************@microsof t.com...

IIS 6.0 has additional security measures to prevent you from walking down
the
tree. This is most likely the cause of your second issue. The reason is to
avoid transverse hacks, where a hacker uses your code to get to a utility,
like the command shell, that allows him to take over your machine.

You can get around this security by one of two means:

1. Reduce the security on the machine - not advised
2. Move the code that does the work on the other root into a service of
some
sort that is controlled via commands from your application. This is a bit
more code intensive, but does not reduce the security on Windows Server
2003
to solve a problem.

How to achieve 2:

1. Service is an option. The interface is likely to be remoting.
2. Enterprise Services (COM+) is another option, as you can give rights to
the COM+ app that the web server does not have

NOTE: No matter how you circumvent this, you will have to be careful to
authenticate the user, as you have given them some power. Also, be
extremely
careful you do not leave security holes in the app that creates and
controls
new virtual roots, as you may leave a hacker back door.

---

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************

"Stelrad Doulton" wrote:

Hi,

I am having a strange problem on IIS 6.0.

I am trying to create directories under a virtual directory on the fly to
which I will upload files and retrieve these files later. I am having 2
problems:

1. I am using the code below to create a directory:

string path = Path.GetDirectoryName(context.Request.PhysicalPath );
if(!Directory.Exists(path))
Directory.CreateDirectory(path);

When I do this I get entries in the DefaultAppPool list for each
directory
AND new virtual directories with the same name!

2. I am also unable to retrieve that data from these folders. I can
navigate
down to the directory which holds the data but cannot access it. For
example
if I started at www.someplace.com/root/ I may have added ID/IN making
www.someplace.com/root/ID/IN using the technique listed above. With
directory listing on I can navigate right down to this folder but if I
then
click on the actual file that is in this folder I get a 404 error!

Can anyone shed any light on this?

Cheers

as a quick test I dropped a file into one of these directories from Explorer
and it was served properly. Does IIS keep meta infomation on files (ie how
it came to be where it was)? If so would it be possible to alter this
information from code?

Thanks

"Stelrad Doulton" <___@____.com> wrote in message
news:eT**************@TK2MSFTNGP10.phx.gbl...

Hi,

Thanks for the response. The first issues seems to have resolved itself, I
don't understand why, I must have been doing something pretty dumb but now
I am getting vanilla directories under the correct virtual directory with
no other weird stuff going on.

I am a bit stuck on the rest of it though. I have a custom PUT handler
that creates these directories if they do not exist before writing a file
to them. Can you clarify to me why these files will not be served? Surely
it would be servable if I had FTP'ed it up?

Thanks for your time.
"Cowboy (Gregory A. Beamer) - MVP" <No************@comcast.netNoSpamM>
wrote in message
news:40**********************************@microsof t.com...

IIS 6.0 has additional security measures to prevent you from walking down
the
tree. This is most likely the cause of your second issue. The reason is
to
avoid transverse hacks, where a hacker uses your code to get to a
utility,
like the command shell, that allows him to take over your machine.

You can get around this security by one of two means:

1. Reduce the security on the machine - not advised
2. Move the code that does the work on the other root into a service of
some
sort that is controlled via commands from your application. This is a bit
more code intensive, but does not reduce the security on Windows Server
2003
to solve a problem.

How to achieve 2:

1. Service is an option. The interface is likely to be remoting.
2. Enterprise Services (COM+) is another option, as you can give rights
to
the COM+ app that the web server does not have

NOTE: No matter how you circumvent this, you will have to be careful to
authenticate the user, as you have given them some power. Also, be
extremely
careful you do not leave security holes in the app that creates and
controls
new virtual roots, as you may leave a hacker back door.

---

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************

"Stelrad Doulton" wrote:

Hi,

I am having a strange problem on IIS 6.0.

I am trying to create directories under a virtual directory on the fly
to
which I will upload files and retrieve these files later. I am having 2
problems:

1. I am using the code below to create a directory:

string path = Path.GetDirectoryName(context.Request.PhysicalPath );
if(!Directory.Exists(path))
Directory.CreateDirectory(path);

When I do this I get entries in the DefaultAppPool list for each
directory
AND new virtual directories with the same name!

2. I am also unable to retrieve that data from these folders. I can
navigate
down to the directory which holds the data but cannot access it. For
example
if I started at www.someplace.com/root/ I may have added ID/IN making
www.someplace.com/root/ID/IN using the technique listed above. With
directory listing on I can navigate right down to this folder but if I
then
click on the actual file that is in this folder I get a 404 error!

Can anyone shed any light on this?

Cheers