0

I have a asp.net mvc application that uses shared location on different machine to store images for its users, as I have created a virtual directory for the shared location on IIS 7.5 the application is able to upload images and retrieve, but the concern is with security issue i.e. the virtual directory is exposed without security. Can someone please suggest as how to implement impersonation on this as the shared location is a virtual folder on a different machine and MVC application reside on another machine, any suggestion or help on this would be of great help.

EkoostikMartin
  • 6,831
  • 2
  • 33
  • 62
Harry
  • 338
  • 1
  • 6
  • 19

1 Answers1

0

Avoid using impersonation!

Don't store your images in a virtual directory, store them in a location that is inaccessible by the website directly. Since you are using MVC you can simply serve the images yourself using a controller action and add the security you need there.

Community
  • 1
  • 1
Erik Philips
  • 53,428
  • 11
  • 128
  • 150
  • Thanks Erik for your response I have gone though both the links and they are quite useful but my requirement is little different i.e. the image files are stored on a network drive which is created as a virtual dir on IIS and have to be secure from outside. – Harry Sep 17 '13 at 05:22
  • So you want the IIS Process to impersonate the person for the network drive to access the Image? This, would still not require impersonation from IIS nor a Virtual Drive in IIS. – Erik Philips Sep 17 '13 at 05:53
  • actually only reason for me to create a virtual directory is as chrome and Firefox are failing to take //usr01//image as path in tag so I have to create a virtual directory now the issue was how to secure the virtusal dir http://Images mapped to //usr01//image path. – Harry Sep 17 '13 at 06:03