Microsoft KB Archive/319782

= How To Upload Files to Internet Information Services When You Drag the File to the Internet Explorer Page =

Article ID: 319782

Article Last Modified on 7/13/2004

-

APPLIES TO


 * Microsoft Internet Explorer 4.01 Service Pack 1
 * Microsoft Internet Explorer 5.01
 * Microsoft Internet Explorer 5.5
 * Microsoft Internet Explorer (Programming) 5.5 SP2
 * Microsoft Internet Explorer (Programming) 6.0

-



This article was previously published under Q319782



SUMMARY
To upload files to the Web server, you do not have to use any server components to process the uploaded files.



MORE INFORMATION
The solution that is described in this article works for any Web server that can handle Distributed Authoring and Versioning (DAV). You use the Active Server Pages (ASP) script that follows only to parse user names and then to make sure that the files that you upload save in the correct user directory with a name that matches the user name.

If your server cannot handle ASP pages, you must modify the HTML that follows so that the target directory name is hardcoded. Then you need no ASP script.

Steps to Upload Files

 * 1) Create a virtual directory on the Web server. Allow write permission. You can also create a subdirectory for each user who is authorized to upload files. The following script uses this directory to upload files for authenticated users.
 * 2) Save the following file on the server as an ASP file.
 * 3) You can also configure the file so that it is password protected. This permits different users to upload files and then to save them in corresponding directories.

 

 A {behavior: url(#default#AnchorClick);} 

Upload Page  

Welcome to upload page On this page you can upload files to the Web server. Click link below andrea drag files to the page.

<%@ LANGUAGE=&quot;VBSCRIPT&quot; %>

<% Dim Url Dim UserDir

' modify next line to specify dir containing user sub-dirs, i.e. ' actual user directory will be /upload/users/LeonBr ' LeonBr part will come from authenticated user.

UserDir = &quot;/upload/users&quot;

' User will look like this DOMAIN\leonbr ' we only need user name

UseNameNotParsed = Request.ServerVariables (&quot;AUTH_USER&quot;) StrSize = Len (UseNameNotParsed) SlashPos = InStr (UseNameNotParsed, &quot;\&quot;) UserName = Right (UseNameNotParsed, StrSize-SlashPos)

Url = &quot;http://&quot; & Request.ServerVariables (&quot;SERVER_NAME&quot;) & UserDir & &quot;/&quot; & UserName%> &quot; FOLDER = &quot;<%=Url%>&quot;> Upload to Web Folder

 

IMPORTANT You must grant virtual directory /upload/users at least read/write permissions. When you configure a virtual directory to upload files, you can introduce a security hole because users can upload malicious files and then can run them.

If this virtual directory has execute permissions or if it has any App Mappings properties for scripts, you cannot upload executable files or scripts with mapped extensions. This is because the Head request that the browser uses fails.

