Writing to a virtual directory from ASP.NET 2.0: Is there an easy



I have an ASP.NET app that must allow users to upload files. The files are
stored in a virtual directory. I use Server.MapPath to map from the virtual
directory name to a physical path, then the FileUpload control SaveAs method
to upload and save the file.

This all works fine when the virtual directory points to a local drive on
the ASP.NET server. However, when pointing to a remote drive (which is what
my client wants to do), I get errors.

I found another post in this newgroup where someone has the same problem.
The solution posted is :

to read/write to a network share require the asp.net account run as a domain
for 2003, turn off impersonation and use an appool with a domain account
with permissions to the share.
for 2000, you need to impersonate a domain/account
This is from the thread

According to my network guy (I myself am clueless about network
permissions), this is not a trivial solution. I'd rather not make my client
jump through hoops in order to save files to a remote directory. Is there an
alternative way to do this that doesn't involve this level of security? (some
security is good; solutions that require my client to spend a few hours
redoing their security model is not good.) Is there something obvious I'm

Thanks in advance.

Richard Dudley

This is actually extremely simple. I'm not sure what other considerations
your network guy is taking into account, so it may not be so under your
network's design.

The solution involves changing the user your application is pretending to
be. By default, your application pretends to be ("impersonates") a local
machine user, with minimal permissions. You need to set your application to
impersonate a domain user that has MODIFY permissions on the target
directory. This is a line of code in your web.config for you, and a user
creation and ACL assignment for your network admin (unless there's a
firewall in the way).

When you change your application's impersonation, you can expect all sorts
of things to stop working, because you'll need to set permissions on other
directories as well. Don't woryy--these will be clearly pointed out to you
on all the error pages you'll get. It's not too bad--maybe 4 dirs tops
you'll have to update, depending on what else your app does, and you'll be


Hello Richard.
Your comments imply impersonation is an all or nothing choice which must be
applied to the entire application.

Isn't it possible to apply impersonation to a given page or perhaps
re-design the application to include a virtual application with its own
web.config which resides under the root of the parent application?

Impersonation could then be applied to this "partitioned" virtual
application which does the file writing activities? I wouldn't know either
way but I'd like to be prepared when this issue becomes partinent to my
project requirements.

<%= Clinton Gallagher

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question