Thanks for your response Dave,

So I've got your point that you want to verify the existence of a certain
file(given the name) within several directories, correct? I suggest you
have a look at the Sytem.IO namespace's classes, and they are specific to
IO operations against physical directory and files. For example, the
Directory class and the File class contains many static methods to do some
generic IO operations.

#System.IO Namespace  
http://msdn2.microsoft.com/en-us/library/system.io.aspx

BTW, when you try accessing UNC share, make sure your ASP.NET's current
security context (process identity or impersonated user) has the permission
to access the share directory.

Hope this helps.

Regards,

Steven Cheng
Microsoft Online Community Support

==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

In this scenario, I don't think giving your users maximum flexibility is a
design goal.  There's no reason they should be entering
\\?\C:\Windows\..\Employees\DaTa and expecting your website to recognize
that it's an authorized directory.  Require them to use the canonical name.
Use a strong regex and be done with it.  If they can't stop using the CAPS
LOCK key when they fill in your form, give them a client-side javascript to
help them get it right.  Let the server be ultra-strict.

i.e. something like

@"c:\\(employees|managers|otherdatadir)\\data\\[-_A-Za-z0-9]{1,50}\.xml"

It's rather desirable to limit filenames to a bounded sequence of
alphanumeric characters as I've done, in order to prevent parent paths (..),
redirection symbols (< > >> |), NTFS hidden streams, and all manner of other
evil such as "c:\employees\data\I_AM_A_BUFFER_OVERFLOW_HAHAHA_<overwrite
your return address here>.xml".