Creating and Deleting files from Virtual Directory

[ankit.sri]

How can we Create or Delete a File on a Virtual Directory from asp.net ? The
situation is I want the Application to Read and Write a Certain File on
Virtual directory and when I do it from File Stream it gives me an error
saying Access Denied and I cannot add the IIS_WPG User to the Permission
group to that Directory as that would not be a best way to do as it would
void the security parameters, is there a solution or recomendations on this?

 

[Marc Gravell]

It depends on the security requirements. If you are happy for the web-
app to edit the files, but you just don't like IIS_WPG, then configure
the app-pool to run under a nominated domain identity with access to
the ACL. You might, for example, configure the app-pool identity to
have read-only on the main app folders, and full-modify on the
specific virtual with files. If a hacker manages to take full control
of the web app they'll have full access to the virtual, but if a
hacker has taken full control you already have problems. There are a
few things you need to do to enable an account to run an IIS app-pool
(enable logon as a service, add to the IIS group, write access to the
ASP.NET temp area; read access to the site folders; a few others) -
but it works.

An alternative would be to have a separate, out-of-process utility
running under a nominated account; perhaps a "serviced component",
perhaps a windows service. Ask that utility to make the changes for
you via IPC (any of sockets, named pipes, remoting, COM, etc). This
limits the operations to whatever you publish as the API, rather than
having full unrestricted access.

Marc