470,596 Members | 1,564 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 470,596 developers. It's quick & easy.

Writing to a virtual directory from ASP.NET 2.0: Is there an easy

I have an ASP.NET app that must allow users to upload files. The files are
stored in a virtual directory. I use Server.MapPath to map from the virtual
directory name to a physical path, then the FileUpload control SaveAs method
to upload and save the file.

This all works fine when the virtual directory points to a local drive on
the ASP.NET server. However, when pointing to a remote drive (which is what
my client wants to do), I get errors.

I found another post in this newgroup where someone has the same problem.
The solution posted is :

---------------------------------------
to read/write to a network share require the asp.net account run as a domain
account.
for 2003, turn off impersonation and use an appool with a domain account
with permissions to the share.
for 2000, you need to impersonate a domain/account
----------------------------------------
This is from the thread
https://msdn.microsoft.com/newsgroup...=en-us&m=1&p=1

According to my network guy (I myself am clueless about network
permissions), this is not a trivial solution. I'd rather not make my client
jump through hoops in order to save files to a remote directory. Is there an
alternative way to do this that doesn't involve this level of security? (some
security is good; solutions that require my client to spend a few hours
redoing their security model is not good.) Is there something obvious I'm
missing?

Thanks in advance.
Dec 21 '05 #1
2 2504
This is actually extremely simple. I'm not sure what other considerations
your network guy is taking into account, so it may not be so under your
network's design.

The solution involves changing the user your application is pretending to
be. By default, your application pretends to be ("impersonates") a local
machine user, with minimal permissions. You need to set your application to
impersonate a domain user that has MODIFY permissions on the target
directory. This is a line of code in your web.config for you, and a user
creation and ACL assignment for your network admin (unless there's a
firewall in the way).

When you change your application's impersonation, you can expect all sorts
of things to stop working, because you'll need to set permissions on other
directories as well. Don't woryy--these will be clearly pointed out to you
on all the error pages you'll get. It's not too bad--maybe 4 dirs tops
you'll have to update, depending on what else your app does, and you'll be
fine.

"BLetts" <BL****@discussions.microsoft.com> wrote in message
news:97**********************************@microsof t.com...
I have an ASP.NET app that must allow users to upload files. The files are
stored in a virtual directory. I use Server.MapPath to map from the virtual directory name to a physical path, then the FileUpload control SaveAs method to upload and save the file.

This all works fine when the virtual directory points to a local drive on
the ASP.NET server. However, when pointing to a remote drive (which is what my client wants to do), I get errors.

I found another post in this newgroup where someone has the same problem.
The solution posted is :

---------------------------------------
to read/write to a network share require the asp.net account run as a domain account.
for 2003, turn off impersonation and use an appool with a domain account
with permissions to the share.
for 2000, you need to impersonate a domain/account
----------------------------------------
This is from the thread
https://msdn.microsoft.com/newsgroup...=en-us&m=1&p=1
According to my network guy (I myself am clueless about network
permissions), this is not a trivial solution. I'd rather not make my client jump through hoops in order to save files to a remote directory. Is there an alternative way to do this that doesn't involve this level of security? (some security is good; solutions that require my client to spend a few hours
redoing their security model is not good.) Is there something obvious I'm
missing?

Thanks in advance.

Dec 21 '05 #2
Hello Richard.
Your comments imply impersonation is an all or nothing choice which must be
applied to the entire application.

Isn't it possible to apply impersonation to a given page or perhaps
re-design the application to include a virtual application with its own
web.config which resides under the root of the parent application?

Impersonation could then be applied to this "partitioned" virtual
application which does the file writing activities? I wouldn't know either
way but I'd like to be prepared when this issue becomes partinent to my
project requirements.

<%= Clinton Gallagher

"Richard Dudley" <rj******@gmail.com> wrote in message
news:Oy**************@TK2MSFTNGP15.phx.gbl...
This is actually extremely simple. I'm not sure what other considerations
your network guy is taking into account, so it may not be so under your
network's design.

The solution involves changing the user your application is pretending to
be. By default, your application pretends to be ("impersonates") a local
machine user, with minimal permissions. You need to set your application
to
impersonate a domain user that has MODIFY permissions on the target
directory. This is a line of code in your web.config for you, and a user
creation and ACL assignment for your network admin (unless there's a
firewall in the way).

When you change your application's impersonation, you can expect all sorts
of things to stop working, because you'll need to set permissions on other
directories as well. Don't woryy--these will be clearly pointed out to
you
on all the error pages you'll get. It's not too bad--maybe 4 dirs tops
you'll have to update, depending on what else your app does, and you'll be
fine.

"BLetts" <BL****@discussions.microsoft.com> wrote in message
news:97**********************************@microsof t.com...
I have an ASP.NET app that must allow users to upload files. The files
are
stored in a virtual directory. I use Server.MapPath to map from the

virtual
directory name to a physical path, then the FileUpload control SaveAs

method
to upload and save the file.

This all works fine when the virtual directory points to a local drive on
the ASP.NET server. However, when pointing to a remote drive (which is

what
my client wants to do), I get errors.

I found another post in this newgroup where someone has the same problem.
The solution posted is :

---------------------------------------
to read/write to a network share require the asp.net account run as a

domain
account.
for 2003, turn off impersonation and use an appool with a domain account
with permissions to the share.
for 2000, you need to impersonate a domain/account
----------------------------------------
This is from the thread

https://msdn.microsoft.com/newsgroup...=en-us&m=1&p=1

According to my network guy (I myself am clueless about network
permissions), this is not a trivial solution. I'd rather not make my

client
jump through hoops in order to save files to a remote directory. Is there

an
alternative way to do this that doesn't involve this level of security?

(some
security is good; solutions that require my client to spend a few hours
redoing their security model is not good.) Is there something obvious I'm
missing?

Thanks in advance.


Dec 21 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

4 posts views Thread by Michelle | last post: by
5 posts views Thread by Leszek | last post: by
4 posts views Thread by William Sullivan | last post: by
4 posts views Thread by Chuck P | last post: by
9 posts views Thread by antonyliu2002 | last post: by
2 posts views Thread by =?Utf-8?B?UmFq?= | last post: by
1 post views Thread by Developer.Man4 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.