Not sure 100% if this fits in to the security category, but hey it's my first post and I'll learn quickly.

I have an asp.net website that must allow users who have been successfully authenticated to view a suite of word documents. However, these documents are stored on a file server. The file server is on our company domain and the web server is in a DMZ. What is the best way to allow documents to be copied from the application server up to the web server ready for view when a user logs in.

I was thinking that we could set up a system account on the web server that has the privliges to get the documents from the file server. When the user logs in the process of copying up the documents to the web server would be done by this new account. However, our infrastructure guys think that this is a bad idea as it would allow anyone who has compromised the web server free access to the secure documents. They recommened using an application server inside the domain that receives requests from the web server. When a request is received the application server would do the copy process.

I'm really in the dark about the best way to achieve this. There must be a best practivce way of retrieving content from another server and uploading them to a web server. Obviously we would have to amend our firewall rules to allow this to happen.

Any help or guidance would be appreciated.

 Thanks in advance!

I'm agreeing with the infrastructure guys. Letting a machine in the DMZ know something about the inside is not a good idea.

What you could do, is set up some kind of push-service towards the machine placed in the DMZ from the inside. Setting up file-synchronization from the inside perhaps? FTP? That way, the DMZ machine won't know anything about the inside, and you can still publish the documents. No documents containing sensitive information are to be published, correct? If that is true, you can't use something on the DMZ. Or, you can, but I wouldn¨t beacuse it's to insecure. In that case I'd look towards VPN.

Cheers!

/Eskil

 As I understand the problem you can program a windows service that has a file watcher and as soon as the user login in, the website dumps a file in the directory watched by the service, the service will read the username and password from the file and authenticates the user which add another level of security. After that the service reads the files from your application server and copies them to the a local folder accessible by the website. The website will read the files and display them. You might need to use Ajax to make asynchronous calls checking for the files if ready or not.

 
Hope this helps. 

Sounds like exactly what I need. Like the idea of adding the username and password in the file, as I can set up a connection from the app server to to our SQL server where the .Net Membership database is located. I grabbed a Windows Service template from Code Project, which is pretty good as a starting point. Think I'll be ok from here. Thanks so much!