Go
These forums are read-only and considered to be an archive. Please use the new Community for future interaction and posts.

Bug? Renaming of folder logs out user

Hi, it seems I have found a bug.

Whenever a user (no matter if admin or not) renames a folder he's sent back to the login page.
When logging back in the name has changed. But this is somewhat annoying.
Chris Adelt 9/17/2008 1:49 AM
Ok this also happens when deleting folders...
Chris Adelt 9/17/2008 2:23 AM
This is not a bug but is actually a feature of ASP.NET 2.0. Whenever a subfolder within the application's root folder is deleted/renamed, the application domain is recycled. So you should use root folders outside the application's virtual directory. For instance, if your application folder is /FileVista, you should not use a subfolder like /FileVista/Subfolder as a root folder. 
Cem Alacayir 9/17/2008 3:28 AM
So which folder am I supposed to use?

Right now it looks like this:

X:\wwwroot\filevista
X:\wwwroot\filevista\rootfolder
Chris Adelt 9/17/2008 4:07 AM
Point the root folder to another folder that is not under X:\wwwroot\filevista, for example X:\rootfolder.
Cem Alacayir 9/17/2008 4:25 AM
I'm running into another problem now...

we have different filevista systems running on the same mashine. Now I have set up some folders 
X:\data\customer1X:\data\customer2etc...

It works okay but if one of these customers now gets tricky and enters the folder name of another customer he could reach their files very easily.
Chris Adelt 9/17/2008 5:28 AM
Where would a user enter the folder of another customer? Do you mean when creating a root folder? Other than that FileVista is pretty secure, a user can not reach above a root folder. However, administrator of FileVista can create a root folder pointing to anywhere as long as the assigned Windows user has permissions. That's why you may need to manage this by assigning different Windows users for your customers.

Other than that please make sure that your root folders are not accessible via web, i.e. they are not virtual folders. This way, they will not be accessible by guessing the URL.

Cem Alacayir 9/17/2008 6:21 AM
Is there a way to have different windows users for different filevista systems that has access to the filesystem?

right now all systems use the same user. Is there a way to change it? That would solve the problem.
Chris Adelt 9/17/2008 6:31 AM
I am of course talking about the admin user, who creates root folders and can point to any folder on the harddrive that the "filevista" windows user has access to, which right now is the same user on all 4 filevista installations.
Chris Adelt 9/17/2008 6:33 AM
Yes, you can use impersonation for this purpose.

For each FileVista installation, you can assign a different Windows user by adding these lines to each web.config:

<authentication mode="Windows" /> 
<identity impersonate="true" userName="SomeUser1" password="Password123"/>

This way, you will override the default assigned user ASPNET or NETWORK SERVICE with the credentials set it in <identity> setting.
Cem Alacayir 11/17/2008 4:09 AM
Thanks for the hint.
I guess changing the user of the "webapplication" that is run by IIS does the trick too - right?
Chris Adelt 11/17/2008 6:32 AM
I guess you can change the user on application pool level if you don't use impersonation.
Cem Alacayir 11/17/2008 7:28 AM