Wrox Programmer Forums
|
BOOK: ASP.NET Website Programming Problem-Design-Solution
This is the forum to discuss the Wrox book ASP.NET Website Programming: Problem - Design - Solution, Visual Basic .NET Edition by Marco Bellinaso, Kevin Hoffman; ISBN: 9780764543869
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: ASP.NET Website Programming Problem-Design-Solution section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old July 21st, 2004, 08:00 AM
Registered User
  
Join Date: Jun 2003
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default FileManager - Permission Denied
I created a stand-alone version of the FileManager module (c#) and added the app to an existing .Net web site. Everything works fine, all the pages render correctly, etc., only I can't upload or edit files. I keep getting a 'permission denied' error.

I made sure that Anonymous browsing was disabled in the folder where the FileManager pages are, and that the account I'm logging in with has FullControl within the directory structure of the web site. Still no help. The only way I can upload/edit is by giving the I_USER account FullControl within the folders. If I understand things correctly, when Anonymous browsing is disabled (I have Windows Authentication selected), any code that executes on the server does so with the rights of the authenticated user. Am I worng? If so, how do I get edit/upload to work without giving the Anonymous User FullControl access?

TIA

Michael Caruso
MMAC Webmaster
Oklahoma City, OK
 
Old July 21st, 2004, 04:42 PM
Friend of Wrox
  
Join Date: Jun 2003
Posts: 917
Thanks: 0
Thanked 0 Times in 0 Posts
Default
You need to select "Windows Integrated" authentication in IIS, and enable impersonation in your web.config:
<identity impersonate="true"/>

If you do not specify a name attribute, then ASP.NET will use the identity passed to it by IIS, which will be the network identity of the user.

You are correct that you must not give "full control" to IUSR_Machinename if you are counting on Windows Authentication to protect your files. Only the correct Windows users should have "full control".

http://msdn.microsoft.com/library/de...ersonation.asp

Eric
 
Old July 22nd, 2004, 08:20 PM
Registered User
  
Join Date: Jun 2003
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default
That did it. Works great. Mostly.:)

My real real goal was to add this to a web site in our DMZ, where the content is hosted on a file server behind the firewall. Any suggestions?

Michael Caruso
MMAC Webmaster
Oklahoma City, OK
 
Old July 22nd, 2004, 08:52 PM
Friend of Wrox
  
Join Date: Jun 2003
Posts: 917
Thanks: 0
Thanked 0 Times in 0 Posts
Default
If you're using Active Directory to hold user accounts, you can put a hive in the DMZ to surface the accounts there. However, this isn't very easy unless you have someone who is good at AD, and it can be a security risk if it's not set up right.

The easy solution is to use Forms security, and you can use a cookie to persist user sessions on their own computers. This way they don't have to log in each day.

You could also ensure that all users come from the right IP range *AND* they have a cookie. That's a good double set of checks.

Eric





Similar Threads
Thread Thread Starter Forum Replies Last Post
(0x800A0046) Permission denied,not IIS permission! David Hay Classic ASP Basics 3 April 30th, 2006 10:47 PM
Permission denied zah_amir Classic ASP Databases 1 January 24th, 2006 11:45 PM
Permission denied tksarun Classic ASP Components 0 March 11th, 2005 03:01 AM
Permission Denied hamidmq Javascript How-To 2 March 10th, 2005 09:41 AM
Permission Denied einstein Linux 1 December 10th, 2003 09:49 AM




Contact Us - Wrox - Privacy Statement - Top

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.