📄 manual_security.html
字号:
<HTML>
<HEAD>
<META NAME="GENERATOR" Content="Microsoft Developer Studio">
<META HTTP-EQUIV="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="KEYWORDS" content="ASP UPLOAD ASPUPLOAD PWS BLOB Personal Web Server IIS Internet Information Server ASP UPLOADING UPLOAD DEC ALPHA AlphaServer AspUpload Persits Software Persits Web ASP Active Server Pages Active Server Component Upload browser TYPE=FILE TYPE FILE Windows NT Web ACL ACE Access Control List Directory Listing Export Attribute FILE FREE RFC ie3 ie4 posting acceptor posting acceptor RFC1867 RFC-1867 1867 Component ENCTYPE multipart/form-data multipart SA-FileUp ActiveFile Database Multiple software artisans activefile vbscript activex jscript netscape internet explorer download downloading unique form limit size">
<meta name="KEYWORDS" content="ASP, UPLOAD, ASPUPLOAD, PWS, BLOB, Personal Web Server, IIS, Internet Information Server, ASP, UPLOADING, UPLOAD, DEC, ALPHA, AlphaServer, AspUpload, Persits Software, Persits, Web, ASP, Active Server Pages, Active Server Component, Upload, browser, TYPE=FILE, TYPE, FILE, Windows, NT, Web, ACL, ACE, Access Control List, Directory, Listing, Export, Attribute, FILE, FREE, RFC, ie3, ie4, posting acceptor, posting, acceptor, RFC1867, RFC-1867, 1867, Component, ENCTYPE, multipart/form-data, multipart, SA-FileUp, ActiveFile, Database, Multiple, software, artisans, activefile, vbscript, activex, jscript, netscape, internet, explorer, download, downloading, unique, form, limit, size">
<meta name="DESCRIPTION" content="AspUpload.com - the home of the most advanced upload solution for a Windows NT/ASP-based Web environment">
<TITLE>AspUpload.com - User Manual. Chapter 6</TITLE>
</HEAD>
<BODY BACKGROUND="bk.gif" LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<BASEFONT FACE="Helvetica, Arial" SIZE=1>
<!-- Main Data table -->
<TABLE BORDER="0" CELLSPACING="0" CELLPADDING="0" WIDTH="705">
<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="160">
<FONT FACE="arial narrow" Size=2>
<B>
<IMG SRC="spacer.gif" BORDER="0" HEIGHT="15"><BR>
<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="index.html">Home</A>
<BR>
<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="whatsnew.html">What's New</A>
<P>
<IMG SRC="sq.gif"><IMG SRC="square_pressed.gif"> <A HREF="manual.html">User Manual</A>
<BR>
<IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="square_small.gif"> <A HREF="manual_intro.html">1. Introduction</A><BR>
<IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="square_small.gif"> <A HREF="manual_simple.html">2. Simple Uploads</A><BR>
<IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="square_small.gif"> <A HREF="manual_memory.html">3. Memory Uploads</A><BR>
<IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="square_small.gif"> <A HREF="manual_db.html">4. Database</A><BR>
<IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="square_small.gif"> <A HREF="manual_progress.html">5. Progress Bar</A><BR>
<IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="square_small_pressed.gif"> 6. Security<BR>
<IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="square_small.gif"> <A HREF="manual_image.html">7. Images</A><BR>
<IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="square_small.gif"> <A HREF="manual_unicode.html">8. Unicode</A><BR>
<IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="square_small.gif"> <A HREF="manual_misc.html">9. Miscellaneous</A><BR>
<IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="sq.gif"><IMG SRC="square_small.gif"> <A HREF="manual_share.html">10. Hosting Issues</A><BR>
<P>
<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="objectreference.html">Object Reference</A>
<BR>
<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="livedemo.html">Live Demos</A>
<BR>
<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="support.html">Support</A>
<P>
<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="xupload.html">XUpload</A><BR>
<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="jupload.html">JUpload</A><BR>
<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="aspjpeg.html">AspJpeg</A><BR>
<P>
<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="download.html">Download</A>
<BR>
<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="purchase.html">Purchase</A>
<P>
<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="clients.html">Clients</A>
<BR>
<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="otherproducts.html">Other Products</A>
<BR>
<IMG SRC="sq.gif"><IMG SRC="square.gif"> <A HREF="contact.html">Contact Us</A>
<FORM TARGET="_new" ACTION="http://support.persits.com/emails/signup.asp">
<FONT FACE="Arial Narrow" SIZE="2" COLOR="#9C3131"><IMG SRC="sq.gif"><B>Newsletter Signup</B></FONT><BR>
<IMG SRC="sq.gif"><INPUT TYPE="TEXT" NAME="email" SIZE="15" VALUE="e-mail address"></FORM>
</B>
</FONT>
</TD>
<TD VALIGN=TOP WIDTH=545 ALIGN="LEFT">
<!-- Right Column with data -->
<IMG SRC="sq.gif"><BR>
<IMG SRC="manual.gif">
<BR>
<TABLE WIDTH=540 HEIGHT=2 CELLSPACING=0 CELLPADDING=0 BORDER=0>
<TD BGcolor="#FFCE00"><spacer type=block width=540 height=2></TD>
</TABLE>
<P>
<FONT SIZE=2 FACE=ARIAL COLOR="#000000">
<A HREF="manual_image.html"><IMG BORDER="0" SRC="next.gif" ALIGN="RIGHT" ALT="Chapter 7: Image Handling"></A>
<A HREF="manual_progress.html"><IMG BORDER="0" SRC="previous.gif" ALIGN="RIGHT" ALT="Chapter 5: Progress Bar"></A>
<B><U><FONT SIZE="3" COLOR="#990000">Chapter 6. User Impersonation and Permissions</FONT></U></B>
<P>
<B><FONT COLOR="#0000A0">What is Impersonation</FONT></B>
<BLOCKQUOTE>
By default, ASP scripts run under the security context of the
"Anonymous" user account <B>IUSR_machinename</B>. This user account
usually has very few permissions and if your script is uploading files to
a remote machine you are likely to receive the error <I>Access is denied</i>.
To overcome this problem, you may use the method <B>Upload.LogonUser</B> which
impersonates an arbitrary user account with sufficient permissions.
<P>
The LogonUser accepts three required parameters: a domain name, username and password.
Once a successful call to the LogonUser method is made, the rest of the script on
that ASP page will run under the security context of the specified user account.
For example:
<P>
<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3>
<TR><TD BGCOLOR="#FFFF00">
<FONT SIZE="1" FACE="Courier New">
<%<BR>
Set Upload = Server.CreateObject("Persits.Upload")<BR>
Upload.LogonUser "mydomain", "Administrator", "xxxxxxxxx"<P>
' Upload to a remote drive<BR>
Count = Upload.Save("\\someserver\cdrive\upload")<BR>
%><BR>
</FONT></TD></TR>
</TABLE>
<P>
If an empty string is specified for the domain name, the local machine will be used
to validate the username and password.
On Windows NT/IIS4, if your virtual directory has the "Run in separate memory space"
option checked, the current user (IUSR_xxx) must have the
"Act as part of the operating system" privilege or you will get the error
<I>A required privilege is not held by the client</i>.
<P>
On Windows 2000/IIS5, you must set the "Application Protection" option to Low
(IIS Process) on your virtual directory to avoid the error
<I>A required privilege is not held by the client</i>.
</BLOCKQUOTE>
<B><FONT COLOR="#0000A0">Setting NTFS Permissions</FONT></B>
<BLOCKQUOTE>
AspUpload is capable of setting and changing NTFS permissions on uploaded files
via the methods <B>File.AllowAccess</B>, <B>File.DenyAccess</B>,
<B>File.RevokeAllowance</B> and <B>File.RevokeDenial</B>.
<P>
The methods <B>AllowAccess</B> and <B>DenyAccess</B> add an allowance access control
entity (ACE) and a denial ACE, respectively,
to the file's Access Control List (ACL). These methods expect an NT username
or group name, and a set of flags, as parameters.
<P>
The methods <B>RevokeAllowance</B> and <B>RevokeDenial</B>
remove an allowance and denial ACE, respectively, from the file's ACL.
<P>
The sample files <B>access.asp</B> and <B>access_upload.asp</B>
demonstrate the usage of the NTFS methods by allowing
a user to select a file, specify a username/password to impersonate,
an account to call AllowAccess on, and an account to call DenyAccess on.
<P>
This is what the file <B>access_upload.asp</B> looks like:
<P>
<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3>
<TR><TD BGCOLOR="#FFFF00">
<FONT SIZE="1" FACE="Courier New">
<!--#include file="AspUpload.inc"--><P>
<HTML><BR>
<BODY><BR>
<%
Set Upload = Server.CreateObject("Persits.Upload")<P>
' We use memory uploads, so we must limit file size<BR>
Upload.SetMaxSize 100000, True<P>
' Save to memory so that we can access form items before file hits the disk<BR>
Upload.Save<P>
Username = Upload.Form("username")<BR>
Password = Upload.Form("password")<P>
If Username <> "" Then<BR>
' Specify domain name in first parameter, if necessary<BR>
Upload.LogonUser "", Username, Password<BR>
End If<P>
AllowName = Upload.Form("ALLOW")<BR>
DenyName = Upload.Form("DENY")<P>
' Save files to disk<BR>
For Each File in Upload.Files<BR>
File.SaveAs "c:\upload\" & File.FileName<BR>
Response.Write "File " & File.Path & " saved.<BR>"<p>
' Set allowance<BR>
If AllowName <> "" Then<BR>
File.AllowAccess AllowName, GENERIC_ALL<BR>
Response.Write "User " & AllowName & " granted access on file " & File.Path & "<BR>"<BR>
End If<P>
' Set denials<BR>
If DenyName <> "" Then<BR>
File.DenyAccess DenyName, GENERIC_ALL<BR>
Response.Write "User " & DenyName & " denied access on file " & File.Path & "<BR>"<BR>
End If<BR>
Next<BR>
%><BR>
</BODY><BR>
</HTML><BR>
</FONT></TD></TR>
</TABLE>
<P>
Note that this file uses the constant GENERIC_ALL to grant/deny full access to the file.
This constant, along with other permission flags and file attributes, is defined
in the file <B>AspUpload.inc</B> which is included in this ASP page using the directive
<P>
<B><!--#include file="AspUpload.inc"--></B>
<P>
Some of the valid flag combination for the AllowAccess and DenyAccess methods include:
<P>
Read (RX):GENERIC_READ + FILE_GENERIC_EXECUTE<BR>
Change(RWXD): GENERIC_READ + GENERIC_WRITE + FILE_GENERIC_EXECUTE + DELETE<BR>
Full Control (All): GENERIC_ALL<BR>
<P>
Click the link below to run this code sample:
<P>
<B><A TARGET="_new" HREF="http://localhost/aspupload/06_security/access.asp">http://localhost/aspupload/06_security/access.asp</A></B>
<A HREF="javascript:;" OnClick="open('helppopup.html','','width=400,height=400');"><IMG SRC="help.gif" BORDER="0" ALT="Why is this link not working?"></A>
</BLOCKQUOTE>
<B><FONT COLOR="#0000A0">Setting File Attributes</FONT></B>
<BLOCKQUOTE>
AspUpload enables you to set file attributes on uploaded files
such as read-only, hidden, etc. This is done via the property
<B>File.Attributes</B>. For example, the following
line of code sets the file's attribute to Hidden and Read-only:
<P>
<B>File.Attributes = FILE_ATTRIBUTE_READONLY + FILE_ATTRIBUTE_HIDDEN</B>
<P>
<P>
To add a new attribute while leaving existing attributes intact, you may say
<P>
<B>File.Attributes = File.Attributes + FILE_ATTRIBUTE_READONLY</B>
<P>
Don't forget to #include the file <B>AspUpload.inc</B> to be able to use the
constants such as FILE_ATTRIBUTE_READONLY, etc.
<P>
<A HREF="manual_image.html"><IMG BORDER="0" SRC="next.gif" ALIGN="RIGHT" ALT="Chapter 7: Image Handling"></A>
<A HREF="manual_progress.html"><IMG BORDER="0" SRC="previous.gif" ALIGN="RIGHT" ALT="Chapter 5: Progress Bar"></A>
<P>
</BLOCKQUOTE>
</FONT>
<P>
<TABLE WIDTH=540 HEIGHT=2 CELLSPACING=0 CELLPADDING=0 BORDER=0>
<TD BGcolor="#FFCE00"><spacer type=block width=540 height=2></TD>
</TABLE>
<P>
<CENTER>
<A HREF="index.html"><IMG SRC="logo_small.gif" BORDER=0></A>
<BR>
<FONT Face=arial size=1>
Copyright © 1998 - 2001 <A HREF="http://www.persits.com">Persits Software, Inc.</A><BR>
All Rights Reserved<BR>
AspUpload® is a registered trademark of Persits Software, Inc.<BR>
Questions? Comments? <A HREF="MAILTO:info@aspupload.com">Write us!</A>
</CENTER>
</TD>
</TABLE>
</BASEFONT>
</BODY>
</HTML>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -