Can I make a folder writeable in Medium trust?

Question

My web app writes to several folders (logs, uploads, etc), and I've always set these permissions manually through my hosting provider.

I'd like to create a setup script that performs this on new installations. Is this possible under Medium trust?

I can't even call File.GetAccessControl, let alone File.SetAccessControl, but I don't need such a "big hammer", anyway. I just want to do what the ISP (in this case GoDaddy) is letting me do through a management console.

I believe PHP is able to do this, and I'd be willing to consider a PHP page for this purpose if that's possible.

Answer 1

Ok assuming you are using IIS and asp.net in the usual fashion you must have an asp.net account under which the framework executes your application on your behalf.

The web application runs under a single account and through authentication users are programmatically granted access to do things that your "master account" carries out on their behalf.

Think of it as looking something like this ....

Asp.net loads your app (asp account) User connects (iuser account) User logs in (? depending on account used could be windows auth or forms auth, ect)

User requests to do something using your rendered web pages under their accounts ...

asp.net checks user has permission to perform operation (asp.net acount) if user can do this asp.net acts on requested action (asp.net account)

Therefore ... You should already have the relevant permissions in that asp.net account to do what you need to do.

There is a level above all that too ... the IIS server itself runs under the system / network service account normally.

So the question is really ... How do you want to grant the permissions to a possible user to write to the server.

Have a look at the membership provider and roleprovider classes in the framework you should be able to inherit those and create an ActiveDirectoryRoleProvider and ActiveDirectoryMembershipProvider class that would authenticate based on role membership of users in AD, or if you prefer just authenticate against a DB with the basic asp.net provider classes.

Hope this helps.