Cassini User name / permissions
altraxis
#1 Posted : Friday, August 28, 2009 12:23:21 AM(UTC)
Groups: Member
Joined: 8/27/2009(UTC)
Posts: 8
Location: UK

I have an app running under UltiDev Cassini (and very nicely too I should say!).

The app stores user files in subdirectories under one specific directory on the server.

I need to be able to prevent users from accessing the files other than through my application - i.e. they should not be able to use explorer or other applications to access the files held within the directory.

So, my thoughts were to create the directory restricting access to a single user, being the user under which my application is running.

I have <authentication mode="None"/> in my web.config as I do login authentication in the web app.

I see from elsewhere that Cassini runs under NT AUTHORITY\SYSTEM.

Question 1 - with <authentication mode=None> is this the user that needs access permissions on the directory?
Question 2 - if yes to (1) is it possible to change this username to another more specific to my application?

In trying to see a way forward, I traced both of the following:-
Context.Request.LogonUserIdentity.Name
and
Context.User.Identity.Name

Neither of these is set under Cassini?

Would appreciate your thoughts on a way forward on this.

best regards

Ultidev Team
#2 Posted : Friday, August 28, 2009 5:36:44 AM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Hi there!

If you need to prohibit all users from accessing some files, but still have access to them from your application code, a quick solution is to put your files in the App_Data folder - the web server does not allow downloading any files from it, but you can still access them from your application code.

If you need to give access to files to some users but not others, then you will need to implement authentication. Having <authentication mode="None"/> means that you probably do not use any of the standard ASP.NET authentication methods. Although UltiDev Cassini does not support Integrated/Windows authentication, it does support Forms and Basic auth, albeit both send username and password in clear text because UltiDev Cassini does not support SSL. Your best option would be to implement ASP.NET Forms authentication, because then you will be able to limit access to files and folders using "allow" and "deny" web.config settings.

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
altraxis
#3 Posted : Sunday, September 6, 2009 11:29:16 PM(UTC)
Groups: Member
Joined: 8/27/2009(UTC)
Posts: 8
Location: UK

Thanks for your response.

The real issue is that my app runs under Cassini on the client's local network, and I want to prevent users from accessing application data files on the network server using, for example, Windows Explorer. All application data files are held under a single folder, e.g. \MyAppDataFiles. It is important that these are not under my web app root.

From what I can see, I could change the user account under which Cassini runs using services -> properties -> log on tab.

So, making the user account 'MyAppPrivateAccount' and setting the permissions on \MyAppDataFiles so that only 'MyAppPrivateAccount' can access the files should be a solution.

The remaining issue I have is how to do this as part of the installation process? Do you have any suggestions as to how to achieve this?

My target is for a 'naive' end user to be able to install from a supplied CD.

Ultidev Team
#4 Posted : Monday, September 7, 2009 5:12:22 AM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Hi there!

Changing the user account context for the Cassini service may be dangerous because it may break other applications hosted by Cassini and installed by your user. We can't support this case, unfortunately.

As for limiting access to folders, your installer, which is likely to run under an administrator-level user account, could just ACL your MyAppDataFiles folder in a way that precludes non-admin users from accessing it, while allowing Local System access, which could probably eliminate the need for another user account for the Cassini service.

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
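
One way an elevated installer step could apply the ACL described in post #4, as an added example that is not part of the original thread or UltiDev's code. The path C:\MyAppDataFiles is an assumed placeholder (the thread only gives \MyAppDataFiles), and Local System and Administrators are referenced by their well-known SIDs.

```powershell
# Added example: restrict a data folder to Local System and Administrators.
# Run elevated, e.g. as a step of the installer.
param(
    [string]$DataPath = 'C:\MyAppDataFiles'   # assumed placeholder path
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -Path $DataPath)) {
    New-Item -ItemType Directory -Path $DataPath | Out-Null
}

# Well-known SIDs instead of account names, so localized Windows works too.
$system = [System.Security.Principal.SecurityIdentifier]'S-1-5-18'      # Local System
$admins = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'  # BUILTIN\Administrators

# Build the DACL from scratch so no inherited "Users" entry survives.
$acl = New-Object System.Security.AccessControl.DirectorySecurity
# $true  = protect the folder from inheriting the parent's entries
# $false = do not copy the inherited entries as explicit ones
$acl.SetAccessRuleProtection($true, $false)

# Entries apply to this folder, its subfolders and its files.
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None

foreach ($sid in $system, $admins) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid, 'FullControl', $inherit, $propagate, 'Allow')
    $acl.AddAccessRule($rule)
}

Set-Acl -Path $DataPath -AclObject $acl

# Read the ACL back and fail the install step if anyone else has an entry.
$actual = @((Get-Acl -Path $DataPath).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier]) |
    ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique)
$expected = @($system.Value, $admins.Value) | Sort-Object

if (Compare-Object $expected $actual) {
    throw "Unexpected ACL on ${DataPath}: $($actual -join ', ')"
}
Write-Output "ACL on $DataPath limited to: $($actual -join ', ')"
```

Files or subfolders that already carry their own explicit entries keep them, so run this before the application writes any data into the folder.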
altraxis
#5 Posted : Monday, September 7, 2009 5:39:12 AM(UTC)
Groups: Member
Joined: 8/27/2009(UTC)
Posts: 8
Location: UK

Thanks for this ... your suggestion does seem the tidiest way forward ... just need to get my head around setting ACLs at install time!

best regards

Ultidev Team
#6 Posted : Monday, September 7, 2009 2:52:44 PM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Not a problem! Always happy to assist.

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.