logo
vbRad Home
Source Code
Book Reviews
Forum
Links
About Us
Contribute

Compare Databases with SQL Effects Clarity
 
 Create IIS Virtual Directory
Posted on
8/7/2002
 Author:
Robert Gelb
 Email:
Not Shown
Applies To OS:
NT, 9x, 2000
 Product:
5, 6



Download... the project. (6 kb)

This is a question that is often asked in the newsgroups: How do you create a IIS virtual directory programmatically. Usually, whacky solutions are offered such as simply creating a folder under \inetpub\wwwroot. Well, solutions like this generally do not work because IIS folder is a bit more than just a folder. There are permissions involved, etc... And what if you want your IIS virtual folder to point to a directory other the one under \inetpub\wwwroot.

Included in the download you'll find a class that will allow you to create a virtual IIS folder the right way. The class includes the following properties & methods:

Method/Property Description
Create This method creates the virtual directory, dah! Returns True if successful. If not, get the error description from LastError property
VirtualDirectoryName The name of the virtual directory, you know, the stuff after http://localhost/...
PhysicalDirectoryName The folder to which the virtual directory points. This is where all your asp files are. If this folder does not exist on the disk, the class will create it for you.
ApplicationOwner Name of the user that runs the app. Default is IUSR_MACHINENAME
AllowScriptsToRun Indicates whether IIS will allow running ASP scripts.
RunApplicationInProcess Indicates whether your web app runs in IIS process.
LastError if Create method fails, this property contains the error

Below is an example of how easy it is to create a standard virtual directory.

    Dim oIIS As IISVirtualDirectory
    
    Set oIIS = New IISVirtualDirectory
    With oIIS
        .PhysicalDirectoryName = "c:\MyPhysicalDir"
        .VirtualDirectoryName = "MyVirtualDirectory"
        If .Create() Then
            MsgBox "Created"
        Else
            MsgBox .LastError
        End If
    End With
    
    Set oIIS = Nothing

That's all folks. Some notes: for setting permissions the class relies on the CACLS.EXE file that has shipped with NT, 2000, XP since 1993. If you are running WinNT or Win2000 on FAT or FAT32, the permissions are a moot point, since those file allocation schemes do not support permissions. Note that this article is based on code that Microsoft has provided for the ASP developers.

Download... the project. (6 kb)
Add Your Comment  

Name: Email Address: all fields optional
Notify me via email when someone responds to this message (valid email required).

Enter the word:
 



Comments
#1. By Krok. Posted on 1/4/2006 6:11:18 AM
quotes from the advisory: Upon learning of the attacks, Microsoft mobilized under its Software Security Incident Response Process (SSIRP) to analyze the attack, assess its scope, define an engineering plan, and determine the appropriate guidance for customers, as well as to engage with anti-virus partners and law enforcement.

Microsoft confirmed the technical details of the attack on December 28, 2005 and immediately began developing a security update for the WMF vulnerability on an expedited track.

Microsoft has completed development of the security update for the vulnerability. The security update is now being localized and tested to ensure quality and application compatibility. Microsoft’s goal is to release the update on Tuesday, January 10, 2006, as part of its monthly release of security bulletins. This release is predicated on successful completion of quality testing.

So this means they disable setting the default user as a superuser? This means they abandon IE? Or this means they just patch one of possibly hundreds of exploitable bugs which lead to full control of a MS Windows XP default installation?

In addition, anti-virus companies indicate that attacks based on exploiting the WMF vulnerability are being effectively mitigated through up-to-date signatures.

So is it all about making money and not at all about improving security?

What might an attacker use the vulnerability to do? An attacker who successfully exploited this vulnerability could take complete control of the affected system.

The user was only visiting a malicious web site, right? "So lets make a list of all malicious web sites in future implementations of MS IE" instead of fixing the underlying problems?

This is really ridiculous.

#2. By Anonymous. Posted on 3/23/2006 4:50:45 AM
Where can I find code that does exactly the same thing as this but written in ASP?

#3. By Anonymous. Posted on 3/26/2008 5:52:38 PM
Thanks. This hit the spot.

#4. By PMR. Posted on 11/17/2009 10:17:42 AM
Does it work for Windows 2008 also?