tags:

views:

48

answers:

3
Q: 

Windows Folder Security when sharing through a website

I'm working on an application that serves up files (e-commerce downloadable content.) The content is stored on a windows folder share on the server and the application then provides access to that content when the uses requests it. Essentially there is a DownloadFile.aspx?fileId=XXXX

Anyway I'm having issues getting the security right on the folder. Whenever i navigate to the page i get a login/password prompt from IIS asking for rights on the local computer. I need any internet user to be able to access a file (the application handles the security of who should be able to get to those files)

I tried adding Read to EVERYONE as well as adding it to the ASPNET user. No luck. I still get the prompt.

Any suggestions?

EDIT: Adding a bit of clarity. The ASPX file that is getting the security popup now is only calling a File.Exists on the UNC of the network share. This particular script isnt serving up the file for download (yet) and it still fails.

p.s. I'm aware this might not be the best way to serve these files. I'm a contractor doing work for a client who is migrating their site to another web host. We need to get it working before we can hopefully get in to rewrite this. Minimal impact is key.

A: 

If the file is on a different share, first of all you need to use the Response.WriteFile() method to actually send the file down.

Then from a permissions standpoint you simply need to have the ASPNET (or NETWORK SERVICE on Win 2003/Vista/Win 2008) with permissions to read/write as needed to that folder.

Mitchel Sellers  2009-08-05 14:38:25
Going to flag this as the answer. I was using ASPNET i needed NETWORK SERVICE. There were other issues but this helped the most.
JoshReedSchramm  2009-08-05 15:52:21
A: 

Use the "Everyone" group with discretion. Check the security permission of the Virtual Dirsctory in IIS. Should only be "Anonymous". Try this and then follow settings found here to secure the server.

Saif Khan  2009-08-05 14:39:12
A: 

If you are linking to the content directly, then the ASPNET user will not be involved. That user is only used for executing ASPx files in IIS. To allow a user on the web to access the file directly, ensure that the account "IUSR_*computerName* has access to the file.

Ryan Brunner  2009-08-05 14:40:05

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?