Monday, January 29, 2007

HOWTO: POST Resources to IIS

Question:

i'm working on a piece that requires companies to be able to POST data to one another's web sites using just the URL without page name (i.e. http://doc_uploads.partnetsite.com). there's also no need for any kind of web interface at either end, so i can't expect to grab the data from a form field and save to disk. simply put, using an application like CURL, i should be able to execute a command that says "post myFile.txt to http://doc_uploads.partnersite.com".

i need to figure out how to configure doc_uploads.mysite.com to listen for POST commands and start up an application to capture the POST data and save to disk.

i've seen a few articles on how to use microsoft's posting acceptor to do file uploads, but this requires having the user fill in fields on a page which i can't ask the sender to do.

anybody have any idea how to pull this off? i thought i knew IIS pretty well, but this one has me totally stumped.

Answer:

I can think of a few ways to do what you are asking on IIS, and each has its benefits and drawbacks. In no particular order:

  • Use IIsWebFile to configure a specific URL's Default Document to be the POST acceptor.
  • Use ISAPI Filter to rewrite specific incoming URL without page name to URL with the POST acceptor as the page name
  • Enable and use WebDAV PUT

Whichever is "better" depends on which benefit(s)/drawback(s) you require. The benefits and drawbacks of each approach are as follows, in no particular order.

DefaultDocument/IIsWebFile

This solution is simply IIS configuration of the POST acceptor code. It requires IIS6 on Windows Server 2003, and the POST request URL must end with a backslash to invoke the Default Document without needing 302 courtesy redirection for POST support from the client (i.e. client sends POST to http://doc_uploads.partnetsite.com/).

ISAPI Filter

The ISAPI Filter solution requires writing and maintaining C code for the ISAPI Filter, code for the POST acceptor, and IIS configuration for both the ISAPI Filter and POST acceptor code. It works on any IIS version and there are no requirements on the format of the POST request URL.

WebDAV

WebDAV is purely IIS configuration - no POST acceptor nor C code required. It works on all IIS versions that support WebDAV (pretty much all currently supported IIS versions except the latest IIS7 release, but that should be fixed soon), and the request must look like PUT http://doc_uploads.partnetsite.com/myFile.txt and myFile.txt will be available for retrieval by anyone via GET http://doc_uploads.partnetsite.com/myFile.txt UNLESS you control all applications on IIS from inadvertently serving that resource via some mechanism (NTFS ACLs, IIS Access Permissions, etc).

i.e. once you PUT a file to the web server, it can be retrieved via GET. This is different from a POST acceptor which can be configured to store files outside the URL namespace to avoid inadvertent web-based access of those uploaded resources.

Conclusion

I have only provided the categories of solutions possible - the specific solution for your situation requires more details about your requirements. You do not need to worry about user interactivity, FORM fields, grabbing data, Posting Acceptor, etc - all those tasks can be automated. There are many ways to "post myFile.txt to http://doc_uploads.partnersite.com", and you have only scratched the surface of your requirements...

//David

18 comments:

Unknown said...

many thanks, david.

i'm looking for the "path of lease resistance" on this one as i've got about 1 day to figure this out. as i don't know C and leaving the file on the server available via GET isn't an option, it looks like i'm headed toward "Default Document" option. you mention that the url must end with a backslash. i'm guessing you meant forward slash?

you also mention that this option requires IIS6 on win2003. default document configuration was available on IIS5 and probably was available on earlier verions of IIS. is the default document requirement on IIS6/win2003 different somehow?

if i understand you correctly, if i place a C# applicaiton on the web server named something like "default.aspx" it should kick in when the user POSTS to http://doc_uploads.mysite.com/ and from there i should be able to sniff a POST request and parse out the posted data?

how do i go about implementing the 302 redirect if the user POSTS to http://doc_uploads.mysite.com?

tks again.

David Wang said...

Yes, I meant slash.

The ability to POST to a DefaultDocument requires IIS6. Prior IIS versions will return "405 Method not Allowed". That is simply a limitation of the IIS Request Processing Pipeline.

Yes, ASP.Net page configured as DefaultDocument can sniff the POST request if ASP.Net is enabled on IIS6.

You have no way to control nor be notified of the courtesy 302 redirect because it comes from the IIS Request Pipeline.

If a user POSTs to http://doc_uploads.mysite.com and no ISAPI hijacks the request (as per my ISAPI Filter option), IIS6 will send the 302 redirect (prior versions send 405), and the question is whether the client supports redirected POST. There is nothing you can do on the server.

//David

Anonymous said...

Here is WebDAV server library that work with IIS 7: www.webdavsystem.com

Gold Guide for World of Warcraft said...

good post :)

rootpp said...

milf videos
Thanks for such a great post and the review, I am totally impressed! Keep stuff like this coming.

gurgaonindustry said...

Schools In Gurgaon | Hotels In Gurgaon | Hospitals in Gurgaon | Jewelers In Gurgaon


i like your blog

Anonymous said...

which averages to about 7,353 watches per year.
http://www.watchestoo.com
replica watches
Men’s watches
Fake watches
ROLEX
rolex oyster perpetual datejust watch
rolex oyster perpetual datejust replica watch
rolex oyster perpetual datejust
rolex ladies datejust
rolex 116200
rolex 18k
rolex stainless
BREITLING
TAG HEUER
CARTIER
OMEGA
IWC
u boat
iw500112
IW376705

Roy said...

buy dstti
buy supercard dsonei
tiffany jewelry
supply best swarovski crystal
step up converter
E Cigarette
buy m3i zero
buy itouch DS
buy acekard 2i
wholesale blackberry phone
wholesale ed hardy jeans
keychain
laptop ac power adapter
manolo blahnik

artrepro said...

abstract oil paintings
impressionist oil paintings
landscape oil paintings
still life oil paintings
flowers oil paintings
religious oil paintings, etc.
buy oil paintings online

walkintub said...

That is some inspirational stuff. Never knew that opinions could be this varied. Thanks for all the enthusiasm to offer such

helpful information here.
I bookmarked it into my facebook and digg and share the good stuff with my friends too,Keep up work.Is there more aspect

about this subject walk in tub|
walk in tubs|
walk in baths|
walk in bathtubs
?I am looking forward to seeing it.

Anonymous said...

For those of you who own louis vuitton or would like to someday, just know that how you treat lv will affect the longevity of the bag. You can pass Louis vuitton bags down to the next generation if you take care of it. louis vuitton handbags were made to last for a lifetime. The quality of each bag speaks for itself. All I am saying is handle with care.

manolo blahnik scarpe said...

thx for sharing ...xoxo

China heat pump industry analytics said...

I learned many tips in the website: heat pump China.

My friend, Jack, an IT company guy, bought 2 domestic heat pumps for his new house prepared for his wedding in October.

The building of InTime installed 10 units of commercial heat pumps last year. They bought these air water heat pumps from a famous manufacturer in China with an ideal price.

In recent years more and more pools began to install swimming pool heat pumps, which are considered as better alternative of electric heaters.

For beginners: air water heat pump ABC: What is a domestic heat pump? It's for residential use, generally including main untis and water tanks; What is a commercial heat pump? It's for commercial or industrial use; What is a swimming pool heat pump? It's for swimming.

Anonymous said...

However, ugg boots which owns a array of acclaimed designers, not abandoned delights women by contemporary styles, but aswell by absolute abundance and practicality.Sheepskin ugg is absolutely crafted from wool. Many times, uggs are befuddled abroad because they get adulterated or channelled afterwards getting beat for one season, instead of acceptable out of date. There are lots of styles in the accumulating of affidavit ugg sundance , accoutrement tall, abbreviate and abate versions. Due to adaptable sheepskin, these ugg sundance boots do not get channelled or torn even admitting you bend and extend them times.

Anonymous said...

These ugg australia are incredibly comfortable
as the sheepskin is providing excellent insulation against the cold but also absorbs excessive
moisture while letting your feet breath. To get the best fit in our ugg bailey button
it is best to measure your bare foot. To do this measure your ugg boots
from heel to longest toe.

Oil Paintings said...

Thanks Dear For This Great Post,It Such A Nice Blog Thanks For Sharing This Post With Us.

Anonymous said...

LY Digitizing has been in the business for over 10 years. They would like to offer you the best digitizing services and embroidery products with a very reasonable price. With advanced technology, equipment and embroidery digitizing software. They offer quick, efficient, competitive price and top quality embroidery dgitizing. LY Digitizing possess highly skilled professional art designers, digitizers, machine operators and computer professionals with innovative and creative abilities to give the best exquisite embroidery products for every customer.

ice maker said...


I know this if off topic but I'm looking into starting my own weblog and was large ice machine curious what all is required to get set up? I'm assuming having a blog like yours would cost a pretty penny? I'm not very internet smart so I'm not 100% positive.