473,395 Members | 2,006 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > correct permissions

Join Bytes to post your question to a community of 473,395 software developers and data experts.

Correct Permissions

Bob
Hello,

I am developing a web application (to be used both in Internet and Intranet)
and users are allowed to upload files. I need to choose the best method to
handle permissions. Searching on the Internet, I found the following
methods:

1) Enable the WRITE permision for the NETWORK_SERVICE user in the specified
folder (the folder where users will upload files)
2) Impersonate a different user (see
http://www.codeproject.com/KB/cs/Use...ion_in_Ne.aspx) before the
upload, and then undo that impersonification. Of course, the new user should
be granted WRITE permission to that folder.
3) Use web.config to tell the whole application to impersonate a different
user. Of course, the new user should be granted WRITE permission to that
folder.
4) Use IIS, ASP.NET configuration to tell ASP.NET to run the .aspx upload
page impersonating a different user. Of course, the new user should be
granted WRITE permission to that folder.

Which one would you recommend? Since my users will need to install it on
their servers, I think the easiest one would be #1. But which one is the
most secure and recommended?

Thanks!
Jun 27 '08 #1
1 1153
Sam
I would use method 1.

Sam

"Bob" <no****@nospam.comwrote in message
news:48***********************@reader3.news.tin.it ...
Hello,

I am developing a web application (to be used both in Internet and
Intranet) and users are allowed to upload files. I need to choose the best
method to handle permissions. Searching on the Internet, I found the
following methods:

1) Enable the WRITE permision for the NETWORK_SERVICE user in the
specified folder (the folder where users will upload files)
2) Impersonate a different user (see
http://www.codeproject.com/KB/cs/Use...ion_in_Ne.aspx) before the
upload, and then undo that impersonification. Of course, the new user
should be granted WRITE permission to that folder.
3) Use web.config to tell the whole application to impersonate a different
user. Of course, the new user should be granted WRITE permission to that
folder.
4) Use IIS, ASP.NET configuration to tell ASP.NET to run the .aspx upload
page impersonating a different user. Of course, the new user should be
granted WRITE permission to that folder.

Which one would you recommend? Since my users will need to install it on
their servers, I think the easiest one would be #1. But which one is the
most secure and recommended?

Thanks!


Jun 27 '08 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

7
Folder permissions
by: Kim Lots | last post by:
Hi Sorry to disturb you again but i really like to know what's the NTFS folder permissions on a "virtual directory" folder for a public webserver iis 5.x running ASP 3.0 with an Access DB on a...
ASP / Active Server Pages
1
How to Identify Permissions for SQL Server Tables & Stored Proc. via VB Code
by: Brad H McCollum | last post by:
I'm writing an application using VB 6.0 as the front-end GUI, and the MSDE version of SQL Server as the back-end (it's a program for a really small # of users --- less then 3-4). I'm trying to...
Microsoft SQL Server
3
System calls not using correct permissions?
by: skilpat | last post by:
My Python script is basically glue for a lot of batch files and whatnot, so it uses os.system liberally. However, there is a strange problem where the scripts called by os.system do not function...
Python
6
Inheriting Permissions
by: !!! Klutzo !!! | last post by:
I give permissions for ASPNET on a top level subdirectory. A windows program copies a file into the subdirectory, however, my web service cannot access the file because it does not have...
.NET Framework
11
How to secure an A97 database from being opened w/o the correct system datbase being in place
by: MLH | last post by:
I was reading up on A97 security and found a blurb saying Microsoft Access provides two traditional methods of securing a database: setting a password for opening a database, or user-level...
Microsoft Access / VBA
2
Changing table permissions in VB Code?
by: Jozef | last post by:
Hello, Is there a way to change table permissions in VB Code? I can't seem to find much that's concise in the help file. Here's the situation; I have a table in the "data" portion of a split...
Microsoft Access / VBA
9
Making the correct class at runtime based on loaded data
by: Jon Rea | last post by:
I hav been looking for the last 2 hours on how to do this without much luck. Im going to give a simplifed model of the problem i have. I want a collection class that can holds a series or...
C# / C Sharp
7
Permissions
by: none | last post by:
Hello: I had a nice php application running on my server here at home, and I uploaded it to a shared public type server and it started to break all over the place. It turns out that some...
PHP
13
A97 permissions help example does not compile
by: MLH | last post by:
Invalid qualifier error displays at compile time on this A97 example from Permissions Property HELP. What's wrong with the strContainerName assignment line? (6th line) Sub...
Microsoft Access / VBA
8
FileIO Exception and permissions
by: jporter188 | last post by:
Hello, I am working on a project to manipulate XML files. All of the files, the code, and the output are on network drives. When I run my program I get an exception (see below). I tried giving...
C# / C Sharp
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!