Hello,
I am developing a web application (to be used both in Internet and Intranet)
and users are allowed to upload files. I need to choose the best method to
handle permissions. Searching on the Internet, I found the following
methods:
1) Enable the WRITE permision for the NETWORK_SERVICE user in the specified
folder (the folder where users will upload files)
2) Impersonate a different user (see
http://www.codeproject.com/KB/cs/Use...ion_in_Ne.aspx) before the
upload, and then undo that impersonification. Of course, the new user should
be granted WRITE permission to that folder.
3) Use web.config to tell the whole application to impersonate a different
user. Of course, the new user should be granted WRITE permission to that
folder.
4) Use IIS, ASP.NET configuration to tell ASP.NET to run the .aspx upload
page impersonating a different user. Of course, the new user should be
granted WRITE permission to that folder.
Which one would you recommend? Since my users will need to install it on
their servers, I think the easiest one would be #1. But which one is the
most secure and recommended?
Thanks!