How To Upload Files to Internet Information Services When You Drag the File to the Internet Explorer Page (319782)


The information in this article applies to:

  • Microsoft Internet Explorer (Programming) 4.01 SP1
  • Microsoft Internet Explorer (Programming) 5.01
  • Microsoft Internet Explorer (Programming) 5.5
  • Microsoft Internet Explorer (Programming) 5.5 SP2
  • Microsoft Internet Explorer (Programming) 6.0
This article was previously published under Q319782

SUMMARY

To upload files to the Web server, you do not have to use any server components to process the uploaded files.

MORE INFORMATION

The solution that is described in this article works for any Web server that can handle Distributed Authoring and Versioning (DAV). You use the Active Server Pages (ASP) script that follows only to parse user names and then to make sure that the files that you upload save in the correct user directory with a name that matches the user name.
If your server cannot handle ASP pages, you must modify the HTML that follows so that the target directory name is hardcoded. Then you need no ASP script.

Steps to Upload Files


  1. Create a virtual directory on the Web server. Allow write permission. You can also create a subdirectory for each user who is authorized to upload files. The following script uses this directory to upload files for authenticated users.
  2. Save the following file on the server as an ASP file.
  3. You can also configure the file so that it is password protected. This permits different users to upload files and then to save them in corresponding directories.

<HTML>
<HEAD>

<STYLE>
A {behavior: url(#default#AnchorClick);}
</STYLE>

<TITLE>Upload Page</TITLE>
</HEAD>
<BODY>

<h1> Welcome to upload page </h1>
On this page you can upload files to the Web server. Click link
below andrea drag files to the page.
<hr>

<%@ LANGUAGE="VBSCRIPT" %>

<%
Dim Url
Dim UserDir

' modify next line to specify dir containing user sub-dirs, i.e.
' actual user directory will be /upload/users/LeonBr
' LeonBr part will come from authenticated user.

UserDir = "/upload/users"

' User will look like this DOMAIN\leonbr
' we only need user name

UseNameNotParsed = Request.ServerVariables ("AUTH_USER")
StrSize = Len (UseNameNotParsed)
SlashPos = InStr (UseNameNotParsed, "\")
UserName = Right (UseNameNotParsed, StrSize-SlashPos)

Url = "http://" & Request.ServerVariables ("SERVER_NAME") & UserDir & "/" & UserName%>
<A HREF = "<%=Url%>" FOLDER = "<%=Url%>"> Upload to Web Folder</a>

</BODY>
</HTML>

IMPORTANT You must grant virtual directory /upload/users at least read/write permissions. When you configure a virtual directory to upload files, you can introduce a security hole because users can upload malicious files and then can run them.

If this virtual directory has execute permissions or if it has any App Mappings properties for scripts, you cannot upload executable files or scripts with mapped extensions. This is because the Head request that the browser uses fails.

REFERENCES

317310 Posting Acceptor Availability and Support Options

Modification Type:MinorLast Reviewed:7/13/2004
Keywords:kbhowto KB319782
©2004 Microsoft Corporation. All rights reserved.