SQL Server administration and T-SQL development, Web Programming with ASP.NET, HTML5 and Javascript, Windows Phone 8 app development, SAP Smartforms and ABAP Programming, Windows 7, Visual Studio and MS Office software
ASP.NET, VB.NET, Microsoft .NET Framework, Microsoft Visual Studio, Windows Forms, Controls and more Tutorials and Articles for Programmers

Configuring ASP.NET File Upload Security Permissions on Upload or Download Folders

It is a common application that web sites or web applications allow users to upload files to storage folders or file storage databases.
But sometimes configuring security NTFS permissions for download or upload folders may be confusing and frustrating.
For ASP.NET applications, IIS (Internet Information Server) let's the ASP.NET machine account to process the asp.net web requests.
Here you can find screenshot summarizing and displaying how the ACL (Access Control Lists) is arranged for an upload folder for an ASP.NET web site application.

In this sample we have a donwload folder named FSBDownloads.
This download/upload folder is configured as a virtual folder in the IIS console with an alias name "Documents".
Using the IIS Management Console, the Documents virtual folder is configured as shown in the below screenshot.
The Documents folder is allowed for "Write" which differs upload folders from ordinary web application folders.
On the other side, if we put the web server aside, if we look at the security properties of the download/upload folders for file system security, you can see that the ASP.NET Machine Account is configured with Modify (and also Write) permissions on the folder ACL.

file upload security configurations of an upload folder for a web application

Visual Studio

Copyright © 2004 - 2021 Eralper YILMAZ. All rights reserved.