I want that when a user sign up on my website, a FTP account will be created for him. So every user can access their folder using File Zilla.
I am assuming that you can create a new ftp user via the command line and use chroot to limit him to a particular directory. And one of the answers at https://superuser.com/questions/67765/sudo-with-password-in-one-command-line gives you a way to stop 'sudo' from asking you for the password on the command line. Then its purely a matter of building an interface, and invoking system() or exec() to run the commands.
It is really hard to tell from your question what exactly you want to do. This is a very complex subject that involves a lot of work you need to do in order to achieve this.
If you are using an asp.net custom membership provider you can create the folder there(for example).
Then you need to create a custom authentication provider for IIS which is not an easy task on it's own. Check out this and this blog posts from Robert McMurray. This module will use your user data in your database that you fill in with the custom membership provider.
Then finally you need to provide each user access to his/her own folder trough user isolation in FTP in IIS.
Related
I am looking for a web application to view email files in a folder for use in a test environment. If required I will write the web application myself, but I was hoping someone has already written one.
The reason we need this is because our test environment deliberately does not send emails, but we still need to check our website is writing the correct emails to the SMTP Pickup Directory.
I have heard such web applications exist, and even spoken to people that have used them, but I cannot find one.
Requirements:
Must be web based.
Shows list of emails based on files in a folder.
Allows user to read individual emails
Allows user to delete individual emails.
Allows user to delete all emails.
Can anyone point me in the right direction to find an existing application which does this?
I am running IIS 7 and ASP.NET 4. It's an online charting application where one folder needs to have read/write access. Users don't upload anything into this folder directly; instead they configure chart settings and then ASP.NET generates the chart on the server and saves it as an image into that read/write folder. Users are redirected to download the image of the chart from that folder.
In order to allow IIS/ASP.NET to save an image into the folder, I give WRITE permission to IIS AppPool/ChartApp account.
But, I am worried to have write access on a folder that's open to HTTP. While there is no direct way to upload a file via my site into that folder, I am concerned that hackers will find a way to upload a script and then execute it. Are these valid concerns? Is there anything else I need to do to secure such a read/write folder?
Thanks.
The configuration is sound and a normal standard setup. As you point out, there is no way to upload a file unless you add one.
If your particularly paranoid about this, you can setup a new user account and use that account as the 'anonymous user' account (which is the credentials used by the common browsing user on your site), and ensure that account doesn't have write acccess while the AppPool account does. The anonymous user uses the AppPool identity by default.
What are all the user accounts for IIS/ASP.NET and how do they differ? has details on each different account type.
What I ended up doing is to use a different account to write the file. The code from this article worked well for impersionation. The account that writes the file has write permissions, and the "main" AppPool account is still read only.
I have set up an Active Directory Membership provider and can successfully create and log in users into the active directory with an ASP.NET application.
However, the active directory has other fields besides Username/Password such as First Name, Last Name , Telephone Number etc. Is there any way for me to be able to gather this information using my ASP.NET website and store it in the Active Directory?
I understand that I need to use a Profile Provider and I can technically set it up to use an SQL DB to store the extra profile information, but is there any way I can store the information directly in the fields available in the Active Directory? As far as I know there is no ActiveDirectoryProfileProvider.
Thank you,
You could get there -- probably would need to step outside the membership system and use the System.DirectoryServices to write to AD. Now, writing to SQL will be a lot easier, especially at development time. And you won't have to fight a sysadmin who doesn't want your web app having elevated AD privileges.
I have an ASP.Net (2.0) application on an intranet that needs to impersonate the users Windows login, which it does by having
identity impersonate="true"
in the web.config file.
In a couple of places it needs to create a file in the Temp folder of the server (a text file in one instance and a Word doc in another instance) before sending the resulting file to the user, after which it is deleted from the Temp folder.
It runs into a permission problem, because the user that is being impersonated does not have permission to write to the server's hard drive.
I was hoping I could switch to the default IIS (or some other built in account) to do the file access functions.
Is that possible? If so, how? I can't create any new accounts on the server.
It is Windows Server 2003.
Thanks
Yes it is possible using the System.Security.Principal namespace, see http://support.microsoft.com/kb/306158 for an example.
Basically you switch to a context that has permissions by impersonating the appropriate user account, perform your file IO then undo the impersonation.
However the easier solution would be to grant write access to the users (or groups). Grant permissions to the domain account/group so you don't have to create local accounts on the server.
I already had problems like yours, then I changed my mind and started using memorystreams and immediately writing them to the response object (instead writing it to disk and after send to the client). This way I save on being concerned in deleting it after downloaded by user.
The simplest way is probably to give the 'Everyone' group write access to the temp folder
I am looking for a way to get the identity of the process which executes a *.vbs file or a *.asp file. How to write code to determine the process identity from within the file itself? Suppose I execute the file, it should output the full name of the user (i.e. domain\username).
I've taken a look at this code, but it lists all the processes and then displays the identity of each process. I don't think this is appropriate: if I use the same code in an asp file and executed it via a browser request, I am thinking it would be hard to determine which process is exactly executing it.
EDIT: hope this should explain my requirement better -> what if I wanted my script file asp/vbscript to be run by a particular user and not anyone else?!
Think this might solve at least part of your problem. This is taken from an answer on Google Answers:
You can grant them access to the site based on their Windows log-in
simply by unenabling Anonymous access and enabling Integrated Windows
authentication in the IIS console -> Anonymous access and
authentication control -> Edit... dialogue.
Once authenticated with Integrated Windows, you can get their username
through Request.ServerVariables("LOGON_USER").