« Previous Next »

• 10-28-2009, 4:25 PM

  newbie998 Joined on 11-28-2006, 4:42 PM Posts 2

  Folder permissions Reply Contact First of all, Im sorry if this has been answered before. I just can´t find it. Im not very familiar with iis, so hopefully this is an easy question. I have an ASP.NET application where the user can upload files. The files are located in a folder in web root (The very same folder as where .aspx files etc. are located, I think it was called web root, or was it wwwroot?). I need to make sure that the only user that can access this folder is the ASP.NET application. Which would mean that if someone has access to this windows server, they would not be able to open the folder where the files are uploaded. Can I use the NETWORK SERVICE user to solve this? We are using windows server 2003, and I think it is iis 6.0 Thank you

• 10-28-2009, 7:46 PM

  In reply to

  tomkmvp Joined on 03-20-2003, 10:27 AM Central NJ Posts 6,254	Re: Folder permissions Reply Contact IIRC, you need to give IIS_WPG NTFS Modify permissions to wwwroot.  This could be dangerous, so make sure that noone can upload malicious code ... Tom Kaminski IIS MVP http://mvp.support.microsoft.com/ http://blogs.iis.net/tomkmvp/ http://www.linkedin.com/pub/8/690/408 http://www.bluesrepublic.org/

• 11-02-2009, 3:36 PM

  In reply to

  newbie998 Joined on 11-28-2006, 4:42 PM Posts 2	Re: Folder permissions Reply Contact Sorry for the delay. Thank you, I´ll look in to it.....

• 11-04-2009, 4:54 AM

  In reply to

  WenJun Zhang - MSFT Joined on 08-27-2008, 2:53 AM Posts 140

  Re: Folder permissions Reply Contact If you are using basic or integrated windows authentication, you can also consider enable impersonation in the ASP.net application's web.config. Then authenticated users' credential will be used to execute the uploading code. You can then use NTFS permission to control which users are allowed to perform uploading. Furthermore, please setup a dedicated folder for file upload. Make sure its exection permission is set to none in IIS. In this case, even if somebody uploads harmful script files into it, they will not be executed. HTH WenJun Zhang - MSFT Sincerely Microsoft Online Community Support “Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

• 11-04-2009, 12:14 PM

  In reply to

  tomkmvp Joined on 03-20-2003, 10:27 AM Central NJ Posts 6,254

  Re: Folder permissions Reply Contact WenJun Zhang - MSFT: Furthermore, please setup a dedicated folder for file upload. Make sure its exection permission is set to none in IIS. In this case, even if somebody uploads harmful script files into it, they will not be executed. Excellent advice! Tom Kaminski IIS MVP http://mvp.support.microsoft.com/ http://blogs.iis.net/tomkmvp/ http://www.linkedin.com/pub/8/690/408 http://www.bluesrepublic.org/