views:

171

answers:

2

Is it possible to use a small .NET page to set folder permissions on some folders on the server where it resides? What is the code or objects that can be used for this? I am on Windows Server 2003.

Basically I want to hit the page with a GET or POST and have it run and check and/or update the permissions on a folder.

+1  A: 

You can use the FileIOPermission class to do this. Just make sure the user under which the website is running has this permission to do all the security settings.

Shoban
+1  A: 

There's a number of possible ways to approach this.

One is to use the FileIOPermissions class, which allows you to specify permissions on files and folders.

The other option is to use the DirectorySecurity class within the System.Security.AccessControl Namespace, and specifically the SetAccessControl Method of that class.

This second method should provide you with much more granularity and control over the setting of permissions as the System.Security.AccessControl namespace allows you to programmatically create or modify discretionary access control lists (DACLs) and system access control lists (SACLs) for a number of protected resources such as files, folders, and so on.

Irrespective of the method you choose to perform the permission setting, you will need to be mindful of the account that your ASP.NET-driven code is running under. You say you are using Windows Server 2003, so you're probably using IIS version 6.0. By default, IIS 6.0 will run all user code under the "Network Service" account, which is a low-privilege account and will have limited permissions outside of the IIS processes and the website hierarchy. You can read the MSDN article, "How To: Use the Network Service Account to Access Resources in ASP.NET" regarding accessing resources on the server side and exactly what access you will have under this account.

Depending upon the exact nature of what you want to do, you may also need to look into ASP.NET Impersonation to enable your server side code to run under the context of a different account. See the MSDN article, "How To: Use Impersonation and Delegation in ASP.NET 2.0" for more information on that.

CraigTP