Ask a Question related to ASP.NET Security, Design and Development.
-
Eran Kampf #1
Security problem when dynamically creating directories
I am trying to dynamically create directories in my ASP.NET application (I
am using Server.MapPath("/")+"test" as the folder)
and I am getting a DirectoryNotFoundException saying "Could not find a part
of the path "D:\".
My site is hosted on a public ISP that for obvious security reasons does not
allow my read access above my wwwroot folder which seems to be a problem
when trying to create directories...
Is there any way to solve this?
--
Eran Kampf
blog: [url]http://www.ekampf.com/blog[/url]
Sharp3D.Math: [url]http://www.ekampf.com/Sharp3D.Math/[/url]
Eran Kampf Guest
-
Creating Virtual Directories
I'm building an application that will host many subdomains under one domain. Each subdomain will be created on the fly by a user for demo purposes.... -
Role based security across sub directories
Take the following directory structure: AppRoot (configured as a IIS Application) -> bin -> dirA -> dirB -> dirC login.aspx web.config -
Problem with Dynamically Creating Link Buttons
Hello, This is my code behind code for dynamic link button creation: strUrl = "<asp:LinkButton CommandName='Onet3_Cd'... -
About directories and security...
It's funny that this has not been invented yet, or has it?: You store your DB outside your default website. It is accessed only through your ASP... -
No security ob directories after installing latest patches
When i look into the directory on the seciurity the user has no rights at all on his own created directory. However he can remove it including... -
Sahil Malik #2 Re: Security problem when dynamically creating directories
Certain ISPs won't let you touch the filesystem even in the wwwroot. Your
only option is to pretty much stick with the ISPs rules, be a good boy and
create your directories only within wwwroot.
Actually create them in a subdirectory within wwwroot, so that you can limit
write access control to only that subdir (and no code lives there).
- Sahil Malik
You can reach me thru my blog at
[url]http://www.dotnetjunkies.com/weblog/sahilmalik[/url]
"Eran Kampf" <eran@ekampf.com> wrote in message
news:%23SFw73VsEHA.1520@TK2MSFTNGP11.phx.gbl...part> I am trying to dynamically create directories in my ASP.NET application (I
> am using Server.MapPath("/")+"test" as the folder)
> and I am getting a DirectoryNotFoundException saying "Could not find anot> of the path "D:\".
> My site is hosted on a public ISP that for obvious security reasons does> allow my read access above my wwwroot folder which seems to be a problem
> when trying to create directories...
>
> Is there any way to solve this?
>
> --
> Eran Kampf
> blog: [url]http://www.ekampf.com/blog[/url]
> Sharp3D.Math: [url]http://www.ekampf.com/Sharp3D.Math/[/url]
>
>
Sahil Malik Guest
-
Eran Kampf #3 Re: Security problem when dynamically creating directories
The following error is when trying to create a subdirectory udner wwwroot
which is fine with the ISP....
It seems that the problem occurs because of ISP security above the wwwroot
level.
By the way,
The ISP support guy tried creating a directory using old asp (FileSystem
object) and had no problems...
"Sahil Malik" <contactmethrumyblog@nospam.com> wrote in message
news:%23lYqpEWsEHA.2660@TK2MSFTNGP12.phx.gbl...> Certain ISPs won't let you touch the filesystem even in the wwwroot. Your
> only option is to pretty much stick with the ISPs rules, be a good boy and
> create your directories only within wwwroot.
>
> Actually create them in a subdirectory within wwwroot, so that you can
> limit
> write access control to only that subdir (and no code lives there).
>
> - Sahil Malik
> You can reach me thru my blog at
> [url]http://www.dotnetjunkies.com/weblog/sahilmalik[/url]
>
>
>
> "Eran Kampf" <eran@ekampf.com> wrote in message
> news:%23SFw73VsEHA.1520@TK2MSFTNGP11.phx.gbl...> part>> I am trying to dynamically create directories in my ASP.NET application
>> (I
>> am using Server.MapPath("/")+"test" as the folder)
>> and I am getting a DirectoryNotFoundException saying "Could not find a> not>> of the path "D:\".
>> My site is hosted on a public ISP that for obvious security reasons does>>> allow my read access above my wwwroot folder which seems to be a problem
>> when trying to create directories...
>>
>> Is there any way to solve this?
>>
>> --
>> Eran Kampf
>> blog: [url]http://www.ekampf.com/blog[/url]
>> Sharp3D.Math: [url]http://www.ekampf.com/Sharp3D.Math/[/url]
>>
>>
>
Eran Kampf Guest
-
YK #4 Re: Security problem when dynamically creating directories
Hi Eran,
If you are sure that you can write to wwwroot using the old ASP approach
(possibly through FileSystemObject), you can try enable impersonation for
your ASP.NET application. In fact, the default ASPNET account needs to
impersonate the client (or another account with higher access privilege on
wwwroot) in order for the file system to honour the NTFS permission.
Thanks,
YK
"Eran Kampf" wrote:
> The following error is when trying to create a subdirectory udner wwwroot
> which is fine with the ISP....
> It seems that the problem occurs because of ISP security above the wwwroot
> level.
>
> By the way,
> The ISP support guy tried creating a directory using old asp (FileSystem
> object) and had no problems...
>
> "Sahil Malik" <contactmethrumyblog@nospam.com> wrote in message
> news:%23lYqpEWsEHA.2660@TK2MSFTNGP12.phx.gbl...>> > Certain ISPs won't let you touch the filesystem even in the wwwroot. Your
> > only option is to pretty much stick with the ISPs rules, be a good boy and
> > create your directories only within wwwroot.
> >
> > Actually create them in a subdirectory within wwwroot, so that you can
> > limit
> > write access control to only that subdir (and no code lives there).
> >
> > - Sahil Malik
> > You can reach me thru my blog at
> > [url]http://www.dotnetjunkies.com/weblog/sahilmalik[/url]
> >
> >
> >
> > "Eran Kampf" <eran@ekampf.com> wrote in message
> > news:%23SFw73VsEHA.1520@TK2MSFTNGP11.phx.gbl...> > part> >> I am trying to dynamically create directories in my ASP.NET application
> >> (I
> >> am using Server.MapPath("/")+"test" as the folder)
> >> and I am getting a DirectoryNotFoundException saying "Could not find a> > not> >> of the path "D:\".
> >> My site is hosted on a public ISP that for obvious security reasons does> >> >> allow my read access above my wwwroot folder which seems to be a problem
> >> when trying to create directories...
> >>
> >> Is there any way to solve this?
> >>
> >> --
> >> Eran Kampf
> >> blog: [url]http://www.ekampf.com/blog[/url]
> >> Sharp3D.Math: [url]http://www.ekampf.com/Sharp3D.Math/[/url]
> >>
> >>
> >
>
>YK Guest
-
Nicole Calinoiu #5 Re: Security problem when dynamically creating directories
Eran,
Server.MapPath("/") will return the path to the site root, which is not
necessarily the root folder of your application. You should have better
luck with Server.MapPath(null). In addition, the value returned may not
have a trailing backslash. To ensure proper path generation, use
Path.Combine rather than simple concatenation. e.g.:
System.IO.Path.Combine(Server.MapPath(null), "test").
If the above still doesn't work, have you tried simply writing the output
from Server.MapPath to an ASPX page so that you can view the value? Is the
returned value a path on which the execution context user should have
adequate permissions to perform the operations that you are attempting?
HTH,
Nicole
"Eran Kampf" <eran@ekampf.com> wrote in message
news:%23SFw73VsEHA.1520@TK2MSFTNGP11.phx.gbl...>I am trying to dynamically create directories in my ASP.NET application (I
> am using Server.MapPath("/")+"test" as the folder)
> and I am getting a DirectoryNotFoundException saying "Could not find a
> part
> of the path "D:\".
> My site is hosted on a public ISP that for obvious security reasons does
> not
> allow my read access above my wwwroot folder which seems to be a problem
> when trying to create directories...
>
> Is there any way to solve this?
>
> --
> Eran Kampf
> blog: [url]http://www.ekampf.com/blog[/url]
> Sharp3D.Math: [url]http://www.ekampf.com/Sharp3D.Math/[/url]
>
Nicole Calinoiu Guest
-
Eran Kampf #6 Re: Security problem when dynamically creating directories
The path I am trying to create is correct.
I checked the knowledge base and I think the problem is due to the fact that
D is a mapped network drive while the asp.net worker process is a local user
that has no network access and thus cannot access the network drive.
If that is true then
1. How creating a directory with old ASP FileSystem object works fine?
2. How come creating\reading\writing files in existing directories work
fine?
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:Onk5HPesEHA.3336@tk2msftngp13.phx.gbl...> Eran,
>
> Server.MapPath("/") will return the path to the site root, which is not
> necessarily the root folder of your application. You should have better
> luck with Server.MapPath(null). In addition, the value returned may not
> have a trailing backslash. To ensure proper path generation, use
> Path.Combine rather than simple concatenation. e.g.:
> System.IO.Path.Combine(Server.MapPath(null), "test").
>
> If the above still doesn't work, have you tried simply writing the output
> from Server.MapPath to an ASPX page so that you can view the value? Is
> the returned value a path on which the execution context user should have
> adequate permissions to perform the operations that you are attempting?
>
> HTH,
> Nicole
>
>
>
> "Eran Kampf" <eran@ekampf.com> wrote in message
> news:%23SFw73VsEHA.1520@TK2MSFTNGP11.phx.gbl...>>>I am trying to dynamically create directories in my ASP.NET application (I
>> am using Server.MapPath("/")+"test" as the folder)
>> and I am getting a DirectoryNotFoundException saying "Could not find a
>> part
>> of the path "D:\".
>> My site is hosted on a public ISP that for obvious security reasons does
>> not
>> allow my read access above my wwwroot folder which seems to be a problem
>> when trying to create directories...
>>
>> Is there any way to solve this?
>>
>> --
>> Eran Kampf
>> blog: [url]http://www.ekampf.com/blog[/url]
>> Sharp3D.Math: [url]http://www.ekampf.com/Sharp3D.Math/[/url]
>>
>
Eran Kampf Guest
-
Nicole Calinoiu #7 Re: Security problem when dynamically creating directories
"Eran Kampf" <eran@ekampf.com> wrote in message
news:OeCUNzhsEHA.1520@TK2MSFTNGP11.phx.gbl...If it's a mapped network drive, and you're trying to create directories> The path I am trying to create is correct.
> I checked the knowledge base and I think the problem is due to the fact
> that D is a mapped network drive while the asp.net worker process is a
> local user that has no network access and thus cannot access the network
> drive.
within you application folder, is your application folder running from this
mapped drive? If not, could you please provide the directory mapping for
your application and the target folders?
For starters, it's most likely using a different user context.>
> If that is true then
> 1. How creating a directory with old ASP FileSystem object works fine?
Without more information, all I could possibly do is make some rather wild> 2. How come creating\reading\writing files in existing directories work
> fine?
guesses. <g> It would really help if you could provide a relevant code
extract, indicating the line on which the exception is thrown and the
complete exception details.
>
> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
> news:Onk5HPesEHA.3336@tk2msftngp13.phx.gbl...>>> Eran,
>>
>> Server.MapPath("/") will return the path to the site root, which is not
>> necessarily the root folder of your application. You should have better
>> luck with Server.MapPath(null). In addition, the value returned may not
>> have a trailing backslash. To ensure proper path generation, use
>> Path.Combine rather than simple concatenation. e.g.:
>> System.IO.Path.Combine(Server.MapPath(null), "test").
>>
>> If the above still doesn't work, have you tried simply writing the output
>> from Server.MapPath to an ASPX page so that you can view the value? Is
>> the returned value a path on which the execution context user should have
>> adequate permissions to perform the operations that you are attempting?
>>
>> HTH,
>> Nicole
>>
>>
>>
>> "Eran Kampf" <eran@ekampf.com> wrote in message
>> news:%23SFw73VsEHA.1520@TK2MSFTNGP11.phx.gbl...>>>>>I am trying to dynamically create directories in my ASP.NET application
>>>(I
>>> am using Server.MapPath("/")+"test" as the folder)
>>> and I am getting a DirectoryNotFoundException saying "Could not find a
>>> part
>>> of the path "D:\".
>>> My site is hosted on a public ISP that for obvious security reasons does
>>> not
>>> allow my read access above my wwwroot folder which seems to be a problem
>>> when trying to create directories...
>>>
>>> Is there any way to solve this?
>>>
>>> --
>>> Eran Kampf
>>> blog: [url]http://www.ekampf.com/blog[/url]
>>> Sharp3D.Math: [url]http://www.ekampf.com/Sharp3D.Math/[/url]
>>>
>>
>
Nicole Calinoiu Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
