mapping to users home directory

[scmiles]

I am trying to write an asp or aspx page that will create
a virtual ftp directory to the users Active Directory
home directory. That way a user can interact (drag/drop,
copy/paste) via IE with folder view for ftp sites.

I have some code, that seems to be "flaky" it works for
me and some others, but not everyone. I really need to
get a stable version. My asp code is below. Having it
in ASP is fine, but it would be a bonus to have a solid
ASPX (ASP.net) solution.

There is one issue I have ran into that is pretty
annoying, and I am not sure if it can be fixed or not and
that is the security of the virtual directory and file.
I would prefer that when the user is at work on the
network and logged in with their AD account that they
would not be challenged to authenticate, but I could not
get the "request.ServerVariables("AUTH_PASSWORD")" method
to work unless Basic Authentication is used, requiring
the user to login. I do not know if this can be avoided
in ASP.net, but if I can use an aspx page that can get
the password without having to decrypt or whatever that
would be ideal. Anyway, here is the code I have:
----------------------------------------------------------
-------------------------
<%

strFullUserName = request.ServerVariables("AUTH_USER")
strUserPass = request.ServerVariables("AUTH_PASSWORD")
strWebServer = request.ServerVariables("SERVER_NAME")
strWebServerIP = request.ServerVariables("LOCAL_ADDR")

'Split domain and username

strUserDomain = strFullUserName
strUserDomain = Mid (strFullUserName, 1, Instr
(strFullUserName, "\")-1)
strUserDomainLength = len(strUserDomain)
strFullUserNameLength = Len(strFullUserName)
strUserName = Right (strFullUserName,
strFullUserNameLength - strUserDomainLength -1)

Set objUser = GetObject("WinNT://" & strUserDomain & "/"
& strUserName, user)
strUserHome = objUser.homeDirectory

strVD = "ftp://" & strWebServer & "/"


On Error Resume Next

Set IISOBJ = GetObject
("IIS://Localhost/MSFTPSVC/1/Root")
Set NewDir = IISOBJ.Create("IIsFtpVirtualDir",
strUserName)

Error.Number = 0


NewDir.Path = strUserHome
NewDir.AccessRead = True
NewDir.AccessWrite = True
NewDir.UNCUserName = strfullUserName
NewDir.UNCPassword = strUserPass
NewDir.SetInfo
Set NewDir=Nothing
Set IISObJ=Nothing
Response.Redirect( "ftp://testportal" )
'response.write ("Your P Drive Was Mapped
Successfully!"& "<a href=""ftp://testportal/"">Click
Here</a><br>")

%>

 

[Aaron Bertrand - MVP]

Connecting to LDAP, IIS, etc. is not going to work for authenticated users
that are 'peons'... they must be members of certain privilege groups in
order to create an IIS application; for example, guests and domain users do
not have this privilege.

So, this isn't necessarily that you have flaky code, but that you expect any
user to be able to create your objects. A possible alternative would be to
store the data or set some flag in a database, and have a VBS script that
runs as you or as Administrator, wake up every minute and see if there is a
user to add; if so, create the stuff. The VBS script would then run as a
user with enough privileges to create everything you want to create here.
Of course there would sometimes be a lag of up to a minute, between the time
the user entered the data via the ASP page, and when the directory was
actually created and available for use.

A

 

[Phillip Windell]

An FTP site?? FTP Servers don't do ASP.

An FTP Server will automatically dump a user into a folder if there is
a folder that matches their username. Just create a virtual folder
that is the same folder name as the username. Then point it to
whatever in the file system location you want it to be. When the user
logs in as the particular user name it will auotmatically dump them in
the right folder.

Example:

User name: JSmith

Virtual Directory: JSmith
Virtual Directory Physical Path: "C:\where\ever\the\files\are\"
Virtual Directory Logical Path: ftp://servername/jsmith

When user connect to it as JSmith they are automatically dumped into
thier proper folder. It might be their "ROOT" so it may only show up
as "ftp://servername", but I don't remember for sure. Just have them
upload a file, then you go look for it and see where it ended up.


--

Phillip Windell [CCNA, MVP, MCP]
(e-mail address removed)
WAND-TV (ABC Affiliate)
www.wandtv.com

 

[scmiles]

For testing purposes, the Everyone group has permissions
to the create the VD they need in the metabase.

 

[scmiles]

Please look at my code, this is what I am doing already,
programatically.

-----Original Message-----
An FTP site?? FTP Servers don't do ASP.

An FTP Server will automatically dump a user into a folder if there is
a folder that matches their username. Just create a virtual folder
that is the same folder name as the username. Then point it to
whatever in the file system location you want it to be. When the user
logs in as the particular user name it will auotmatically dump them in
the right folder.

Example:

User name: JSmith

Virtual Directory: JSmith
Virtual Directory Physical

Path: "C:\where\ever\the\files\are\"

Virtual Directory Logical Path: ftp://servername/jsmith

When user connect to it as JSmith they are automatically dumped into
thier proper folder. It might be their "ROOT" so it may only show up
as "ftp://servername", but I don't remember for sure. Just have them
upload a file, then you go look for it and see where it ended up.


--

Phillip Windell [CCNA, MVP, MCP]
(e-mail address removed)
WAND-TV (ABC Affiliate)
www.wandtv.com

I am trying to write an asp or aspx page that will create
a virtual ftp directory to the users Active Directory
home directory. That way a user can interact (drag/drop,
copy/paste) via IE with folder view for ftp sites.

I have some code, that seems to be "flaky" it works for
me and some others, but not everyone. I really need to
get a stable version. My asp code is below. Having it
in ASP is fine, but it would be a bonus to have a solid
ASPX (ASP.net) solution.

There is one issue I have ran into that is pretty
annoying, and I am not sure if it can be fixed or not and
that is the security of the virtual directory and file.
I would prefer that when the user is at work on the
network and logged in with their AD account that they
would not be challenged to authenticate, but I could not
get the "request.ServerVariables("AUTH_PASSWORD")" method
to work unless Basic Authentication is used, requiring
the user to login. I do not know if this can be avoided
in ASP.net, but if I can use an aspx page that can get
the password without having to decrypt or whatever that
would be ideal. Anyway, here is the code I have:
------------------------------------------------------- ---
-------------------------
<%

strFullUserName = request.ServerVariables("AUTH_USER")
strUserPass = request.ServerVariables("AUTH_PASSWORD")
strWebServer = request.ServerVariables("SERVER_NAME")
strWebServerIP = request.ServerVariables("LOCAL_ADDR")

'Split domain and username

strUserDomain = strFullUserName
strUserDomain = Mid (strFullUserName, 1, Instr
(strFullUserName, "\")-1)
strUserDomainLength = len(strUserDomain)
strFullUserNameLength = Len(strFullUserName)
strUserName = Right (strFullUserName,
strFullUserNameLength - strUserDomainLength -1)

Set objUser = GetObject("WinNT://" & strUserDomain & "/"
& strUserName, user)
strUserHome = objUser.homeDirectory

strVD = "ftp://" & strWebServer & "/"


On Error Resume Next

Set IISOBJ = GetObject
("IIS://Localhost/MSFTPSVC/1/Root")
Set NewDir = IISOBJ.Create("IIsFtpVirtualDir",
strUserName)

Error.Number = 0


NewDir.Path = strUserHome
NewDir.AccessRead = True
NewDir.AccessWrite = True
NewDir.UNCUserName = strfullUserName
NewDir.UNCPassword = strUserPass
NewDir.SetInfo
Set NewDir=Nothing
Set IISObJ=Nothing
Response.Redirect( "ftp://testportal" )
'response.write ("Your P Drive Was Mapped
Successfully!"& "<a href=""ftp://testportal/"">Click
Here</a><br>")

%>

.

 

[Aaron Bertrand - MVP]

IUSR_yourmachine is NOT in the everyone group for the domain!!!!!!!

 

[Ray at]

Unless "yourmachine" is a DC.

Ray at work

 

[Aaron Bertrand - MVP]

Unless "yourmachine" is a DC.

I don't know of too many DCs that are running ASP applications. Certainly
not where I would be running it, and certainly doesn't sound like a
foolproof way of "securing" the server...

 

[Ray at]

I don't know of many either. It's a bad idea, imo. But, I just wanted to
throw in the exception to the rule.

Ray at work

 

[Phillip Windell]

Unless "yourmachine" is a DC.

I think even then I don't think it is in the Everyone Group although
it would be a Domain Account. I wouldn't swear to it, but that is how
I think it is.

--

Phillip Windell [CCNA, MVP, MCP]
(e-mail address removed)
WAND-TV (ABC Affiliate)
www.wandtv.com

 

[Ray at]

I just looked at the iusr domain account that exists in my domain. (I HAVE
NOTHING TO DO WITH THE FACT THAT IIS IS INSTALLED ON OUR DCS!)

ifmember /verbose /list OUR_DOMAIN_NAME\iusr_OUR_DC_NAME
User is a member of group OUR_DOMAIN_NAME\Domain Admins. <--- NICE!!
User is a member of group \Everyone.
User is a member of group BUILTIN\Administrators.
User is a member of group BUILTIN\Users.

--SOME OTHERS

So, it is part of everyone. And thanks to this post, I now see that some
brilliant coworker put this user in domain admins... I'll have to find out
what's up with that. Thanks!

Ray at work

Unless "yourmachine" is a DC.

I think even then I don't think it is in the Everyone Group although
it would be a Domain Account. I wouldn't swear to it, but that is how
I think it is.

--

Phillip Windell [CCNA, MVP, MCP]
(e-mail address removed)
WAND-TV (ABC Affiliate)
www.wandtv.com

 

[Ray at]

I apologize. This is wrong. This is my group listing. Oops. But, here is
the correct response. The user IS a member of everyone.


showgrps /a OUR_DOMAIN_NAME\iusr_OUR_DC_NAME

User: [OUR_DOMAIN_NAME\iusr_OUR_DC_NAME], is a member of:

\Everyone




Ray at work

I just looked at the iusr domain account that exists in my domain. (I HAVE
NOTHING TO DO WITH THE FACT THAT IIS IS INSTALLED ON OUR DCS!)

ifmember /verbose /list OUR_DOMAIN_NAME\iusr_OUR_DC_NAME
User is a member of group OUR_DOMAIN_NAME\Domain Admins. <--- NICE!!
User is a member of group \Everyone.
User is a member of group BUILTIN\Administrators.
User is a member of group BUILTIN\Users.

--SOME OTHERS

So, it is part of everyone. And thanks to this post, I now see that some
brilliant coworker put this user in domain admins... I'll have to find out
what's up with that. Thanks!

Ray at work

Unless "yourmachine" is a DC.

I think even then I don't think it is in the Everyone Group although
it would be a Domain Account. I wouldn't swear to it, but that is how
I think it is.

--

Phillip Windell [CCNA, MVP, MCP]
(e-mail address removed)
WAND-TV (ABC Affiliate)
www.wandtv.com

 

[Phillip Windell]

OK..

I apologize. This is wrong. This is my group listing. Oops. But, here is
the correct response. The user IS a member of everyone.


showgrps /a OUR_DOMAIN_NAME\iusr_OUR_DC_NAME

User: [OUR_DOMAIN_NAME\iusr_OUR_DC_NAME], is a member of:

\Everyone




Ray at work



"Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in message

I just looked at the iusr domain account that exists in my domain.

(I

HAVE
NOTHING TO DO WITH THE FACT THAT IIS IS INSTALLED ON OUR DCS!)

ifmember /verbose /list OUR_DOMAIN_NAME\iusr_OUR_DC_NAME
User is a member of group OUR_DOMAIN_NAME\Domain Admins. <--- NICE!!
User is a member of group \Everyone.
User is a member of group BUILTIN\Administrators.
User is a member of group BUILTIN\Users.

--SOME OTHERS

So, it is part of everyone. And thanks to this post, I now see that some
brilliant coworker put this user in domain admins... I'll have

to find
out

what's up with that. Thanks!

Ray at work

"Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in
message Unless "yourmachine" is a DC.

I think even then I don't think it is in the Everyone Group although
it would be a Domain Account. I wouldn't swear to it, but that is how
I think it is.

--

Phillip Windell [CCNA, MVP, MCP]
(e-mail address removed)
WAND-TV (ABC Affiliate)
www.wandtv.com

 

[Aaron Bertrand - MVP]

I apologize. This is wrong.

I was going to say, if he were a member of domain admins, then the whole
setup is sketchy, because someone must have purposely done that.

 

[Ray at]

It would not surprise me where I work. I see random users in the domain
admins group all the time. "Oh, so and so needed permissions to install a
program, so I put him in the domain admins group so he'd have admin rights
on the local workstation." "Why didn't you at least just add him only to
the local admin group on his machine." "How do I do that?" Nice.

Ray at work

 

[Aaron Bertrand [MVP]]

on the local workstation." "Why didn't you at least just add him only to

the local admin group on his machine." "How do I do that?" Nice.

And we wonder why half of the jobs in the IT industry are being outsourced
to India.