anonymous access to uploaded files

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

anonymous access to uploaded files

Guest-76

I'm using version 1.1

 

A file uploaded with the extension seems to receive the ASP.NET file user rights.

 

This makes it impossible for an anonymous user to download the file as it has insufficient rights.

 

In the InputFile.MoveTo method there's no way to set these rights.

 

If this is "by design" then this is a feature request to add a new parameter.
Otherwise it's a bug.

 

Dan.

Reply | Threaded
Open this post in threaded view
|

Re: anonymous access to uploaded files

Dean Brettle
Administrator
A file uploaded with the extension seems to receive the ASP.NET file user rights.

By "the extension" do you mean NeatUpload or does the problem only occur with filenames that have a certain extension (which you accidentally ommitted in your post)?

This makes it impossible for an anonymous user to download the file as it has insufficient rights.

In the InputFile.MoveTo method there's no way to set these rights.

Can you set the rights after you move it?

I can't find any documentation for changing file rights from .NET at the moment.  I'm not sure if I'm being brain-dead (it's late...) or it just can't be done from managed code.  I have a vague recollection that it can't be done from managed code (at least not it 1.1), but I'm not sure...

--Dean

Reply | Threaded
Open this post in threaded view
|

Re: anonymous access to uploaded files

Guest-76

Hi Dean,

My problem is for .PDF files.

I will have a look for the dot net file permission api.

Dan

Reply | Threaded
Open this post in threaded view
|

Re: anonymous access to uploaded files - a possible solution

Guest-76

And here's my solution:

System.IO;
using System.Security;

...


inputFile.MoveTo(FullPathAndFileName, MoveToOptions.Overwrite);

// setting file permission of Everyone to full

System.Security.AccessControl.FileSecurity sec = System.IO.File.GetAccessControl(FullPathAndFileName);
sec.AddAccessRule(new System.Security.AccessControl.FileSystemAccessRule(
                   @"\Everyone",
                   System.Security.AccessControl.FileSystemRights.FullControl,
                   System.Security.AccessControl.AccessControlType.Allow));
File.SetAccessControl(FullPathAndFileName,sec);

If this can (or should) be integrated into NeatUpload I leave to Brettle.

Dan

 

Reply | Threaded
Open this post in threaded view
|

Re: anonymous access to uploaded files

Dean Brettle
Administrator
Thanks for posting your solution!  The FileSecurity class is new in .NET 2.0, which explains why I haven't used it before.

FYI, I won't be adding this functionality to NeatUpload because it is relatively easy to do separately and it would introduce a dependence on .NET 2.0.

I'm going to move this thread to the Support forum so that others can find it more easily.

--Dean
Reply | Threaded
Open this post in threaded view
|

Re: anonymous access to uploaded files

Guest-76
I ran into this same problem and am using Framework 1.1.  Here is a library on gotdotnet.com that calls the Win32API calls for you.  Made the solution a lot easier

http://www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=e6098575-dda0-48b8-9abf-e0705af065d9

With these libraries here is my code.  It basically copies the acls from the containing directory and adds them to the file:

using Microsoft.Win32.Security;  //Library downloaded from link above

//Set Rights
// Get rights from directory
SecurityDescriptor secDir = SecurityDescriptor.GetFileSecurity (sPath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
Dacl daclDir = secDir.Dacl;
               
//Get Descriptor for file
SecurityDescriptor secDesc = SecurityDescriptor.GetFileSecurity (sFullDestFileName, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
               
//Set and save
secDesc.SetDacl(daclDir);
secDesc.SetFileSecurity(sFullDestFileName, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);


Rorik
rorik.melberg@gmail.com
Reply | Threaded
Open this post in threaded view
|

Re: anonymous access to uploaded files

daniel147
In reply to this post by Guest-76
This file downloading guide page may help you.