Clever Geek Handbook

Uploading Files by Domains in ASP.NET

Having a little problem, I wanted to see what you all suggest. Thanks for your input.

We have an ASP.NET website, one of the features is that this website will allow users to upload files and then the server saves them in a UNC path.

Some of our users are unable to upload files. I think this is likely to be a security issue since these users are on a different domain and therefore cannot access the UNC path to that location the system is trying to save the file.

The website uses Windows Authentication to authenticate users. File server and web server are two separate machines, but located in the same domain, users come from a different domain

the system uses System.Web.HttpPostedFile.SaveAs(String SaveLocation)

to save the file

what I cant figure out why the file is not being saved using the AppPool settings and how to configure this to not try to use client credentials to save the files.

EDIT: I thought that if this was controlled by the application pool then ALL of our users would have problems. but it seems to be the only ones outside of the domain that has the file server.

Any thoughts?

Thank you for understanding.

+1


source to share


3 answers


Do you have it <identity impersonate="true" />

in your web.config?

If so, you use the client's user credentials to save this file; in this case it is probably best if you can only use your application pool account and give it the correct file system permissions.



You can define credentials like this :

<identity impersonate="true" 
          userName="domain\username"
          password="password"/>
+1


source


In the IIS, in Properties-->Directory Security-->Authentication Access and Control

the "Enable anonymous access" field, change the username to a domain account with access rights

for development, the application pool is the account in which the process runs, the Access and Control Authentication account is the username that the anonymous users actually run under. This makes sense since users on your domain (perhaps using Integrated Authentication) already have access.



EDIT Here is the beautiful image: alt text

+1


source


You can try to set up a fixed ID in your application pool settings that has sufficient permissions to write to the UNC share.

alt text

0


source






More articles:


All Articles