Fileupload - authorization to directories through code?

[KK]

Hi,

I have two questions

1) In ASP.NET when providing file
upload facility, normaly you have to give
read/write access to the directory. Is
there a way to set this through code?

For example, without setting directory
permissions through file explorer, is it
possible to give permission to IIS anonnymouse
account to access that directory only? May be
using FileIOPermission Attribute?

2) In some code samples, I have seen
they attach the events (say for a button)
on the aspx file itself (using
onclick=Event_Name) and actual code
still is in the code behind file having the
event accessibility set to Public.

But I generaly dont specify onclick=""
but use the event attachment in the
Initialize...() method in page (which is in
the code behind file), in which events have
a Private accessability.

What exactly is the difference?

rgds
KK

 

[Guest]

You should not be able to set permissions programmatically with asp.net.
I would think that would be a security risk. - I have not tried so feel free
to explore.

Another thing that I have not tried but may be able to work is something
called Impersonation. You have asp.net impersonate another user. Well what
would be another user that would have write access to the folder and that
you would always know the password to. The FTP user that you log into. I
have not tried this but logic would seem to explain that if you can
Impersonate the FTP user that you log and ftp files up into that you would
be able to write to folders with that user. Remember that you should read a
good tutorial on asp.net user impersonation and understand all of the
security implications regarding having your password embedded in your code
or etc.