Create folder on fileserver from webserver

crazyreds · #1 (**permalink**) 07-23-04, 04:15

Hi

I need to be able to create a folder on a fileserver from the webserver using ASP. This has to be done without giving every one in the anonymous user account (IUSER) r/w acess. But the problem is that from ASP every user is IUSER. Please help me?

Thanks

Brian

Seppuku · #2 (**permalink**) 07-24-04, 00:47

So you have some users you do, and some you don't, want to give access to create folders on your fileserver from a web application?

crazyreds · #3 (**permalink**) 07-24-04, 15:46

Yes.

Some can create and some are not allowed to do sow. But to the fileserver they are all anonymous user, when I use FSO (FileSystemObject) in ASP.

Seppuku · #4 (**permalink**) 07-24-04, 19:08

Then what you should probably do is have a login, authenticate against the NT domain or LDAP server, check for group membership, and if they have access (aka: they are in a specific group), you programically allow them to create the folder/files, otherwise you don't even present the option.

crazyreds · #5 (**permalink**) 07-26-04, 02:15

Yep I could do that, but it will leave the fileserver vide open. Because it requires that you give R/W access to all users. Because when you use FSO on the web server, you connect the fileserver as anonymous user

Seppuku · #6 (**permalink**) 07-26-04, 12:52

Well, not exactly, only the area to the fileserver that people need to write to. So segment off a directory where the IUSR has r/w access, and the rest of the server IUSR doesn't.

You can't have the system impersonate the user who is currently on the system because you'd have to shut down IIS, change the user IIS uses, then start the server again, all dynamically. You're going to have to do it programmically and trust your security model and users.

crazyreds · #7 (**permalink**) 07-26-04, 14:39

Is is not possible to create a user on the fileserver(that have R/W), and impersonate the users on the webserver as the user on the file server?

Seppuku · #8 (**permalink**) 07-26-04, 14:44

What you'd need to do is use an account on an NT domain that has R/W access to the file server that the web server could impersonate. You have to remember that the account that IIS runs as isn't there to be used to allow or disallow access to certain folders on your system, it's there because it needs to have rights to execute scripts and access resources. If you need anything beyond that, you've gotta code it.

Internet Services

Web Development

Digital Marketing

Consumer Tech