DevASP.NET for ASP.NET, VB.NET, XML and C# (C-Sharp) Developers Friday, September 03, 2010

Securing the File Manager Using Windows Security


In the design section of this chapter we explained why security is a fundamental requirement and why we chose to use Windows security. Creating our own forms-based security system will be covered in the next chapter, and later chapters will show how to use it. It would be easy to apply this method to the file manager, and might be the best solution on other sites. But for ThePhile, Windows security is best.

IIS provides security controls over IP addresses, users, virtual directories, and NTFS resources. The IP-blocking mechanism allows the administrator to block or process requests coming from a selected range of IP addresses, and is very useful when you know in advance the IPs of the allowed computers, such as when you are working with an intranet, or when you're using a static IP. IIS also allows you to grant or deny read and execute privileges to a virtual directory and all the folders underneath it, and to limit the rights of the anonymous user who accesses and browses the site (you typically allow this user to read the pages of a public section, but prevent any writing). Windows NT security is administered through the ACL (Access Control List), a list of permissions for every resource on NTFS partitions (FAT partitions are not supported). In this case we'll be using only the basic Windows NTFS security, but if you have the ability to do so, then you can also set up IP blocking, encryption, and any other available security mechanisms.

First of all we create a new user from the Computer Management console: choose the name, description, and password, and when you're done you'll see the new user added to the list. In our test we have created a user named ThePhileMaster, as shown in the list:

Now create a new group, name it ThePhile_FileManagerAdmins, and add the ThePhileMaster user to the list, as illustrated:

Now we have to declare permissions on the website folder and content. To do this, open Windows Explorer, select the physical directory of /localhost/ThePhile (E:\Inetpub\wwwroot\ThePhile on my system) and go to its properties through File | Properties. Switch to the Security tab, and select all the permissions for the ThePhile_FileManagerAdmins group, as follows:

It's worth noting that although we can grant permissions to a specific user and not to the entire group, if we give a group permission to access a resource then we can later add users to that group without having to manually give every single user permissions to the resource. From the same dialog in Windows Explorer we remove the permissions of the IUSR_MACHINENAME user, that is, the Internet anonymous user. Finally, go to the IIS management console, and set the Integrated Windows Security for the FileManager folder. Note that the integrated security will only work with Microsoft browsers, unless Basic Authentication or forms authentication is used. This is not a big issue in this case, though, as you can force one of the few administrators to use Internet Explorer. It would be a much more serious problem if we were planning to use this type of security to authenticate/authorize thousands of users that we don't even know.
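As an added example (not code from the book), the same user, group, NTFS and IIS steps scripted in PowerShell for a current IIS host. The IIS site name 'ThePhile', the virtual path Modules/FileManager and the use of the WebAdministration module are assumptions, and the last step needs the Windows Authentication role feature installed.

```powershell
# Added example, not from the book: scripted version of the Computer Management,
# Explorer and IIS snap-in steps. Run elevated on the web server.
Import-Module WebAdministration   # assumption: IIS PowerShell module available

$user   = 'ThePhileMaster'
$group  = 'ThePhile_FileManagerAdmins'
$root   = 'E:\Inetpub\wwwroot\ThePhile'     # physical site root from the text
$anon   = "IUSR_$env:COMPUTERNAME"          # classic anonymous account named in the text
$site   = 'ThePhile'                        # assumed IIS site name
$fmPath = 'Modules/FileManager'             # assumed virtual path of the module

# 1. Account and group. Read-Host keeps the password out of the script file.
$pass = Read-Host -AsSecureString "Password for $user"
if (-not (Get-LocalUser -Name $user -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $user -Password $pass -Description 'File manager admin' | Out-Null
}
if (-not (Get-LocalGroup -Name $group -ErrorAction SilentlyContinue)) {
    New-LocalGroup -Name $group | Out-Null
}
Add-LocalGroupMember -Group $group -Member $user -ErrorAction SilentlyContinue

# 2. NTFS ACL on the site folder: full control for the group (inherited by
#    subfolders and files), and no entries left for the anonymous account.
$acl = Get-Acl -Path $root
# Break inheritance and copy inherited entries so the IUSR removal below is effective.
$acl.SetAccessRuleProtection($true, $true)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("$env:COMPUTERNAME\$group", 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
$acl.Access |
    Where-Object { $_.IdentityReference.Value -like "*\$anon" } |
    ForEach-Object { [void]$acl.RemoveAccessRule($_) }
Set-Acl -Path $root -AclObject $acl

# 3. IIS: Windows authentication on and anonymous access off, scoped with a
#    <location> entry to the FileManager folder only, not the whole site.
$auth = 'system.webServer/security/authentication'
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location "$site/$fmPath" `
    -Filter "$auth/windowsAuthentication" -Name enabled -Value $true
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location "$site/$fmPath" `
    -Filter "$auth/anonymousAuthentication" -Name enabled -Value $false

# 4. Check: the group should be listed and the anonymous account should be gone.
(Get-Acl -Path $root).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize
```

Browsers that cannot complete Windows authentication will now receive a 401 for the FileManager folder instead of a page, which is the behaviour the text describes for the administrators' login prompt.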

Now when we try to open the BrowseFiles.aspx page from a browser, we get the login dialog asking for our username and password, as shown in the following screenshot:

There's a lot more to Windows security - such as impersonation, anonymous access and other authentication methods, use of certificates, encryption and SSL - but here we just want a working solution for our web module. However, you should seriously consider security and all the available ways to enhance it. There are many Windows security books available. Windows 2000 Security (New Riders, ISBN 0-735709-91-2) and Windows 2000 Security Handbook (McGraw-Hill, ISBN 0-072124-33-4) are both strong titles.

Remember that Windows security can be set up through the web.config file, but we can't have more than one form of authentication/authorization in the same application. In the next chapter we'll be implementing forms-based authentication, so we can't have a different mode for the file manager. Since you need to access the IIS and folder settings only once to enforce Windows security in the traditional way, this is not a big problem. However, should you need to often or dynamically add/edit/remove administrators, then read the next chapter and integrate the accounts/security module to use forms-based authentication here as well.

Database Management Online

At print time, Microsoft's Web Data Administrator had not been updated for .NET 1.0. However, they supply the source code with the download so it should be possible to produce a .NET 1.0 version – check the book's code download or P2P to find out how.

There are several third party tools that allow an administrator to manage a site's databases online. We're going to install a completely free tool (source code included!) - developed by Microsoft - that can be a great help for managing SQL Server databases. This tool is called Web Data Administrator, and can be downloaded from the following URL:

http://msdn.Microsoft.com/code/default.asp?url=/code/sample.asp?url=/msdn-files/026/002/458/msdncompositedoc.xml

Simple database managers, such as the one that might be included in your hosting plan, usually consist of a page with a few textboxes to type in the connection string with your username and password, and the actual SQL commands. Our tool does much more than this; it can dynamically display and interact with many DB objects, such as tables, stored procedures, and so on. This is possible because it uses the SQL-DMO (Distributed Management Interface) library, a COM-based interface that allows us to programmatically manage SQL Server's objects and data. These COM objects are loaded through the .NET interoperability services. To find out more about SQL-DMO, refer to Professional SQL Server 2000 (Wrox Press, ISBN 1-861004-48-6). Or for more about .NET interoperability services refer to Professional C# (Wrox Press, ISBN 1-861004-99-0).

After downloading the WebdataAdmin.msi installation package, execute it, specify a virtual folder where you want to install the application, and in a few seconds it will be done. Of course, in some cases the task will be persuading the ISP to install it for you. We installed the tool under /localhost/ThePhile/Modules, but this created a new web application. We don't want a new virtual directory, since we're already working under the domain of the ThePhile application. So, switch to the IIS snap-in, select the DataAdmin virtual directory, go to its properties, and click the Remove button on the right side of the Application Name textbox. Now DataAdmin is a normal subdirectory, and we must move the assemblies from the DataAdmin/bin folder to ThePhile/bin.

The Data Administrator's Help subfolder documents show how to use the tool.

Summary

This chapter presented the design and implementation of a web module, called FileManager, which provides functionality to:

- List and navigate folder contents
- Create directories
- Create and edit text files
- Download files
- Upload files
- Rename files and directories
- Modify file/directory attributes
- Delete files
- Copy and move files

This tool can help you to effectively manage your site files, resources, and directory structure. For all but very major updates, we can now rely on this tool without the need for external FTP clients or other tools.

We also saw how to set up Windows security to protect the FileManager module from unauthorized access.

Later in the chapter we installed and explored Microsoft's Web Data Administrator tool, which helps in the online management of SQL Server databases. It's particularly useful when the database serving the website is located on a remote server.

Before concluding, here are a few new features that you could add to enhance the FileManager:

- Support for multiple file uploads. This would require the addition of other HtmlInputFile controls, and the use of the Request.Files collection to handle the uploaded files.
- A sort facility that allows the user to click on the grid's columns to sort the directories and files by name, size, or creation date.
- Logging the most significant operations, such as file or directory deletion, and adding a page to enable certain administrators to easily access this information (the logged events, their details, and the responsible users).
- Creating different levels of administrators that each have different permissions. With Windows security you can create users that cannot, for example, write or list files. But we could push this one step further, and show or hide the links for creating, deleting, and editing elements according to the current user and the group they belong to. For some purposes, we might also want to integrate the security for this module with the security system we will develop in the next chapter.

In the next chapter we'll look at building a module that allows administrators to manage the site's users and their roles, granting or denying them access to particular sections and features.


Copyright and Authorship Notice

This chapter extract is taken from "ASP.NET Website Programming" by Marco Bellinaso and Kevin Hoffman published by Wrox Press Limited in March 2002; ISBN 1861006934; copyright © Wrox Press Limited 2002; all rights reserved. No part of this chapter may be reproduced, stored in a retrieval system or transmitted in any form or by any means -- electronic, electrostatic, mechanical, photocopying, recording or otherwise -- without the prior written permission of the publisher, except in the case of brief quotations embodied in critical articles or reviews.

© 2002-2010 DevASP.net