Say you have a public ASP.NET (or Classic ASP) application on IIS with a script/page that needs to write or update files in a specific folder that is located within the web publishing folder tree.
1) What is the proper way to set this up?
My main concern is that I want to let the ASP/ASP.NET apps write to a folder, but I don't want regular http users to be able to PUT files into it.
Best Answer
First let me start by saying, I'm a pretty big believer that there is almost always a better solution than writing stuff out to disk. Whether it's writting the data to a database, or feeding web services, writing out to disk should be the last option.
That being said there are some valid reasons, but this is sort of tricky and dependent on why the app needs to write out the files.
Having the data written outside of where code is running from is an absolute requirement. Allowing end users to write to a path where the ASPX/asp engines can interpret/execute code is bad for obvious reasons.
Some other things that impact this are: