Folder permission ASP.NET site online - asp.net

I'm uploading files into a folder. It works as it should when I run the solution locally, but when I've uploaded the site to the web server using "copy website", - I can no longer upload files to the folder.
Can I change the permissions somehow?

It depends is the user that is trying to upload the file(s) into that directory on the server have permissions to that folder on the server, eg: read/write, ect... Also is the user that will be using that program on the server is running the application as themselves or as the IIS User account, or some other dedicated account?
Update:
Since you are doing it through the VPN, try terminal serving to that server and if you have personally permissions to make this change as in give permissions then do it yourself or ask the admins to do it for you.

Depending on the folder you are uploading your files into and the account you have configured the web server to execute your application under, there might be different ways to achieve that. But basically you should rant write access to this account to the given folder you are saving the uploaded files into. But if you use some of the special ASP.NET folders such as App_Data for example to store the uploaded files, the account should already have write permission to that folder. And if you have uploaded your site to some hosting company that don't provide you the possibility to change permissions on the different folders that are part of your website you might need to contact the support so that they perform he necessary modifications that you need.

Related

How can I change permission for an Azure Web App, so I can actually upload files via FTP to it?

How can I change permission for a Web App, so I can actually upload files via FTP to it?
What is it I need to change in order to have permissions to upload via FTP?
I have a running site that runs ASP.Net Core. Everything works.
For debugging purposes on a weird js issue, I need to be able to edit a few js files directly on the site via FTP.
When I connect via FTP (with the credentials from the "publish profile") I can connect just fine and download files - I use Filezilla.
But if I try to upload anything, I get "550 Access is denied."
I have full access to Azure Portal etc for the site, incl. Kudu.
It does not matter if you can upload files via KUDU or some other thing - I specifically need FTP.
Thanks for asking question! Could you please check if your firewall is blocked outgoing FTP writes.
Also, make sure you're not trying to write to a read-only file. For this suggest using the Kudu Console (https://[sitename].scm.azurewebsites.net/DebugConsole) to look at your files and check their permissions (e.g. using 'attrib' command).
For more information about KUDU, please refer to this document
Refer to this document link might be helpful: https://learn.microsoft.com/en-us/azure/app-service/deploy-ftp#get-ftp-connection-information
Try checking the ftp link which is provided by deployment center, For this Go to your web app, click Get publish profile, choose the Publish URL under tag <publishProfile profileName="your-webapp"

folder explorer for server files

Is it possible to rename/move or delete files from a web application (ASP.Net MVC) that are on a server folder just like how you would do it locally? I would want the user to be able to upload say 30 files (from a scanner auto-feed) into a temporary folder on the server (cannot save it locally due to data security) and then allow the user to be able to rename /move before uploading them onto Azure blob storage.
I saw few examples - jquery file tree seemed good but not sure if it allows rename and moving. Please suggest solutions for working with the server folder. I intend to delete the server folder after I am done transferring files to Azure. TIA.
Yes, you can do this by giving the USER that is running the ASP.Net application (defaults to IUSR) permissions to write to that folder.
Be very careful though, as you're potentially opening your website for abuse when doing this.
See: https://www.iis.net/learn/get-started/planning-for-security/understanding-built-in-user-and-group-accounts-in-iis for how IIS users operate.

Properly secure IIS 7 read/write folder

I am running IIS 7 and ASP.NET 4. It's an online charting application where one folder needs to have read/write access. Users don't upload anything into this folder directly; instead they configure chart settings and then ASP.NET generates the chart on the server and saves it as an image into that read/write folder. Users are redirected to download the image of the chart from that folder.
In order to allow IIS/ASP.NET to save an image into the folder, I give WRITE permission to IIS AppPool/ChartApp account.
But, I am worried to have write access on a folder that's open to HTTP. While there is no direct way to upload a file via my site into that folder, I am concerned that hackers will find a way to upload a script and then execute it. Are these valid concerns? Is there anything else I need to do to secure such a read/write folder?
Thanks.
The configuration is sound and a normal standard setup. As you point out, there is no way to upload a file unless you add one.
If your particularly paranoid about this, you can setup a new user account and use that account as the 'anonymous user' account (which is the credentials used by the common browsing user on your site), and ensure that account doesn't have write acccess while the AppPool account does. The anonymous user uses the AppPool identity by default.
What are all the user accounts for IIS/ASP.NET and how do they differ? has details on each different account type.
What I ended up doing is to use a different account to write the file. The code from this article worked well for impersionation. The account that writes the file has write permissions, and the "main" AppPool account is still read only.

ASP.NET Protect files inside folder

I have a shared hosting account in which I upload my ASP.NET application. I let the user upload .doc files inside a folder, the problem is I only want logged users to be able to download those files, so I wrote a dispatcher, you give it the id and it reads the file and writes it to the browser, hiding the file location, nevertheless I want to protect the directory where all the files are, so you can only download files using the dispatcher, I tried marking it as a password protected directory, but now ASP.NET can't get access either.
You need to restrict the NTFS permissions on that folder to only allow the user your applicaiton is running as. This might be difficult in a shared host environment...
The ideal solution would be to move the folder outside of the site root but I guess as you are using shared hosting this may not be possible.
One other solution would be to move docs to the App_Data folder which is protected by .NET (see here What is the App_Data folder used for in Visual Studio?)

asp.net log files permissions

Our asp.net app writes errors to a text log file in the web sites root folder. This has lead to all sorts of permission problems, different flavors of IIS and windows allow different things by default.
So what I am wondering is there a location somewhere in Windows where all types of users can write a file without any extra permissions that will also work for all IIS and flavors of windows?
I am thinking of the ApplicationData folder, but did this exist in Server 2003 ?
Thanks,
AJ
The easiest solution would be to use the App_Data subfolder of your web application for this. By default it's not viewable from the web, so Internet clients won't be able to read the logs.
Depending on your deployment method, you might have to change the permission to allow write access to this folder (to the user under which your web application is running).
Alternatively, there is a place where every user can write to: It's that user's temporary folder, which you can access through Path.GetTempPath. This, however, does not sound like a suitable location for log files.
You should always first think about wwwroot folder (%systemdrive%\inetpub\wwwroot) because it has the required permission.
The permission you need is to set a full control for IIS_IUSRS
Edit: you can simply give Everyone Full Control (not recommended at all) but this solves most of ntfs permissions issues with IIS

Resources