views:

1054

answers:

3

I have a asp.net web application that creates a Folder on a FTP site, but I need to grant permissions to that folder to some users of the active directory.

How can I do that programatically, inside my app when I create the folder?

+1  A: 

Standard FTP does not allow for changing of permissions or file ownership, but it is reasonably common for FTP servers to allow this sort of thing through custom SITE commands. At least, this is common for UNIX hosted FTP servers.

Try connecting to the server with a standard FTP client and typing site help. That should give you a list of the custom SITE commands available. You can then get the usage for a specific command by typing site help <cmd>.

I'm not sure what your options will be against a Windows-based server, as the permissions model is more granular than with standard UNIX permissions. On a UNIX server, you can often change the group ownership and the permissions, but changing the file owner is not allowed unless you're root. I shouldn't have to say that logging into an FTP server as root is a really bad idea.

I hope that's some help.

R

Vortura
+1  A: 

You don't say what kind of FTP server you are running, or in what manner you want the AD user to interact with the new folder. I'm assuming that you are using IIS's FTP Service, and that you need your AD users to be able to use FTP to access the new folder.

IIS uses the same access rights as other file access methods in Windows (accessed from the Security tab on the folder's Properties view).

I created a WinForm that would do the following: create a new local user account (and add them to a group), create a new directory under our FTP Server's base directory, create a new Virtual FTP Folder (so that a user could map a connection to the folder), and finally give the new user full control of the new directory (and because the directory was a Virtual Folder, the new user has full control via FTP).

It sounds like you don't need to create the new user, you just need to give them permission to make changes to the new directory. In my app I shell out to invoke a batch file and pass it a few parameter.

The command for modifying a directory (or file's) access rights is:

cacls [The path to your new directory] /E /P [The AD user name]:C

I don't recall what those parameters mean any more; I suggest you research the command to make sure it does exactly what you want.

To execute this from VB.Net:

Shell(System.Configuration.ConfigurationSettings.AppSettings.Item("CACLS_batPath") & " " & strFolderPath & " " & _strUserName, AppWinStyle.NormalFocus, True, -1)

That will open a visible command window and execute the batch file, passing it the parameters. (It just occured to me that I'm doing this in WinForms and it might not be that easy to call from ASP.Net, check here for information about executing a batch file from ASP.Net: http://codebetter.com/blogs/brendan.tompkins/archive/2004/05/13/13484.aspx)

The contents of the BAT file are:

echo "update file permissions"
cacls %1 /E /P %2:C
REM PAUSE

Good Luck!

PhillFox
+1  A: 

I'm assuming that you are creating the folder and want to set the permissions in a c# application.

You want to look at the DirectorySecurity class (msdn)

You create a directorySecurity class for the newly created directory and then you add FileSystemAccessRules to define the appropriate access based on AD users and groups.

yamspog