I would like to create a new application using ASP classic or ASP.NET (vb based). .aspx pages in VB (absolutly not C#)
The new portal/application must allow me (after login) or other users allowed to store and retrieve file via browser. The application will work into an intranet (no internet) and will be designed for publishing files and sharing files to other users.
The new portal/application will work under IIS 10 (Windows).
Admin side, the portal must set few parameters like start/stop of service, http/https protocol, port (default 80), log of access/upload/deletion, time of upservice, users/groups (1 group----> n users), ... One Admin only. Admin no access to the application (file upload and management) but only environment configuration.
Users can: - file upload (using drag & drop too) to server repository. Every type of file (.jpg, .xls, .doc, .dwg, ...); - file and directory browse (server repository) [something like "File explorer" of windows]; - allow another user of another group to see a file and/or a directory; - download a file/directory. Download directory could be in .zip mode; - rename a file/directory; - check the differences between the contents of two directories (f.e. the file aaa.txt exists here and not there); - delete a file/directory (multiple selection).
File uploaded must be written into Windows filesystem (no into database).
File list (attachment FileList.jpg) must have: - filename (with ext); - last update of the file - file size - who/user that has uploaded/modified that file
Please explain to me (in few words) the application security: a penetration test will be performed. User access will be managed using user/pass. A third safety parameter (optional) is welcome.
Access DB is preferable (or you can use what you prefer BUT you have to export in .mdb the database file for our test) Application will be tested and used into an Intranet but in the next future will be used on a internet domain (.com)
Application layout (icons, colors, template, logo image, ...) is included and must be approved before start of coding task: in any case, they must be modifiable using admin side of portal. Full documentation is mandatory (from config of environment until application management). No upfront. Source-code required for test (no payments before test).