My web app writes to several folders (logs, uploads, etc), and I've always set these permissions manually through my hosting provider.

I'd like to create a setup script that performs this on new installations. Is this possible under Medium trust?

I can't even call File.GetAccessControl, let alone File.SetAccessControl, but I don't need such a "big hammer", anyway. I just want to do what the ISP (in this case GoDaddy) is letting me do through a management console.

I believe PHP is able to do this, and I'd be willing to consider a PHP page for this purpose if that's possible.

A: 

The only way to do it is to set it in the Windows Server security properties and to enable the ASP.NET user account under IIS5 or Network Service under IIS6+. This is not related to ASP.NET. Hehe. I was hosting my things on GoDaddy and had the same thing. They told you the same as me: you must code things in medium trust. I think that GoDaddy deserves a lawsuit because they give false information to people. So if you can do that, please do so.

Medium trust mode doesn't have anything to do with folder write permission for folders that are in the same tree as the website root folder. Medium trust just means that you can't go to other folders that are outside the website scope. Medium trust blocks certain things (reflection and such) and doesn't have anything to do with write permissions (or any other trust). The file system is the domain of Windows Server.

As I remember (leave GoDaddy ASAP), GoDaddy will give you the ability to make a folder writeable, but you can't do that for Network Service. As I remember, you can do that for the internet user or for everyone, which is totally insecure. They give you a lot of space without the ability to save!! That is just great! And when you tell them to give Network Service write rights, they don't want to do that and they give you the answer: "You should program things in medium trust". Today I am a far better expert, and in those times I didn't know that; I lost two weeks on GoDaddy (not just on medium trust, SQL management also). They are the worst hosting company ever.

Vjeran
I have left GoDaddy since asking this question. But the hosting company is really beside the point. I would like to automate the process of setting permissions so that, even when the person installing has access to the system, this step can be taken by the web application itself.
harpo
The only way to set permissions on a folder is if the user running the script has access to change the folder's security. In the case of IIS6 and 7 the default user is NetworkService. That is why on open source projects like DotNetNuke there is a step to manually change the security. If this is a showstopper, you might want to consider using the DB instead of the file system.
Jonas Stawski
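An added example, not part of the original answers: a C# write probe that a setup page could run to tell apart the two failure modes discussed above (a Windows ACL denial versus a trust-policy denial) and list the folders that still need the manual permission step. The folder names `logs` and `uploads` come from the question; the class, enum and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security;

public enum WriteProbeResult { Writable, DeniedByAcl, DeniedByTrustPolicy, MissingOrUnreadable }

public static class FolderWriteProbe
{
    // Creates and deletes a small file in 'folder' and classifies the outcome.
    public static WriteProbeResult Probe(string folder)
    {
        // Directory.Exists also returns false when the caller may not read the path.
        if (!Directory.Exists(folder)) return WriteProbeResult.MissingOrUnreadable;

        string probe = Path.Combine(folder, "write-probe-" + Guid.NewGuid().ToString("N") + ".tmp");
        try
        {
            File.WriteAllText(probe, "probe");
            File.Delete(probe); // a delete-only denial is also reported as DeniedByAcl
            return WriteProbeResult.Writable;
        }
        catch (UnauthorizedAccessException)
        {
            // The process account (e.g. Network Service) lacks rights on the folder.
            return WriteProbeResult.DeniedByAcl;
        }
        catch (SecurityException)
        {
            // Code access security refused the path, e.g. a folder outside the application root.
            return WriteProbeResult.DeniedByTrustPolicy;
        }
    }

    // Probes each folder (given relative to appRoot) and returns a per-folder result.
    public static IDictionary<string, WriteProbeResult> ProbeAll(string appRoot, IEnumerable<string> relativeFolders)
    {
        var results = new Dictionary<string, WriteProbeResult>();
        foreach (string rel in relativeFolders)
            results[rel] = Probe(Path.Combine(appRoot, rel));
        return results;
    }

    // Stand-alone run; in a web app pass HttpRuntime.AppDomainAppPath as appRoot instead.
    public static void Main()
    {
        foreach (var r in ProbeAll(AppDomain.CurrentDomain.BaseDirectory, new[] { "logs", "uploads" }))
            Console.WriteLine("{0}: {1}", r.Key, r.Value);
    }
}
```

A `DeniedByAcl` result means the folder needs the manual permission step described above; the probe reports the problem but does not change any ACL.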
A: 

You need to edit a config file in %windir%\Microsoft.NET\Framework{Version}\

see http://msdn.microsoft.com/en-us/library/ms998341.aspx

AndreasN
+1  A: 

OK, assuming you are using IIS and ASP.NET in the usual fashion, you must have an ASP.NET account under which the framework executes your application on your behalf.

The web application runs under a single account and through authentication users are programmatically granted access to do things that your "master account" carries out on their behalf.

Think of it as looking something like this ....

ASP.NET loads your app (asp account)

User connects (iuser account)

User logs in (? depending on account used, could be Windows auth or forms auth, etc.)

User requests to do something using your rendered web pages under their accounts ...

ASP.NET checks user has permission to perform operation (asp.net account)

If user can do this, ASP.NET acts on requested action (asp.net account)

Therefore ... You should already have the relevant permissions in that asp.net account to do what you need to do.

There is a level above all that too ... the IIS server itself runs under the system / network service account normally.

So the question is really ... How do you want to grant the permissions to a possible user to write to the server.

Have a look at the membership provider and roleprovider classes in the framework; you should be able to inherit those and create an ActiveDirectoryRoleProvider and ActiveDirectoryMembershipProvider class that would authenticate based on role membership of users in AD, or if you prefer, just authenticate against a DB with the basic ASP.NET provider classes.

Hope this helps.

Wardy
Oh, I'd just like to add: if you need to override the trust level of the code, you can do this based on the user having the permission to do so. So if you find that "medium trust" is not enough and the user authenticated is a sys admin, then I believe you can override based on the user demanding the permissions. I don't, however, think you will need to.
Wardy
Thanks for the input. This does shed a little light on the various accounts used in a typical setup. If the application connects through the IUSR account, how then would it take advantage of permissions available to only the ASP.NET account?
harpo