Hi, a very important ASPNET permissions problem i need to make it clear

P

Parco

Suppose that i have these paths in my server with these permissions:

D:\httpdocs\
Allow: Everyone - full control (inherited from D:\)

D:\httpdocs\host1\
Allow: Everyone - full control (inherited from D:\), ASPNET - full control

D:\httpdocs\host2\
Allow: Everyone - full control (inherited from D:\), ASPNET - full control

both D:\httpdocs\host1\ and D:\httpdocs\host2\ are also the document roots
of the IIS hosts, each folder for one host. if i have some ASP.NET pages
inside host2 folder, and use some asp.net System.IO to access file systems,
or use other classes for other works, then, can i access host1 folder's
resources from host2 by pass the parent folder?

how will it be safe for every IIS host document root directories, so that
make every host can access it host's resources only and really independent
ASPNET permission for each folders?
 
D

David Browne

Parco said:
Suppose that i have these paths in my server with these permissions:

D:\httpdocs\
Allow: Everyone - full control (inherited from D:\)

D:\httpdocs\host1\
Allow: Everyone - full control (inherited from D:\), ASPNET - full control

D:\httpdocs\host2\
Allow: Everyone - full control (inherited from D:\), ASPNET - full control

both D:\httpdocs\host1\ and D:\httpdocs\host2\ are also the document roots
of the IIS hosts, each folder for one host. if i have some ASP.NET pages
inside host2 folder, and use some asp.net System.IO to access file
systems,
or use other classes for other works, then, can i access host1 folder's
resources from host2 by pass the parent folder?

how will it be safe for every IIS host document root directories, so that
make every host can access it host's resources only and really independent
ASPNET permission for each folders?
Click to expand...
You need to run each web site under its own account.

http://msdn.microsoft.com/library/d...-us/cpguide/html/cpconASPNETImpersonation.asp

If you use anonomous requests in IIS and set the anonymous user in IIS at
the web site or application level, and set <identity impersonate="true"/> in
the web.config, each web site will run under its own user.

Remember to remove rights from ASPNET, since an application can always
change its web config or try to revert to self.

David
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

programatically how to set the steps involved in enabling the ASP. 1
'The current identity does not have write access to Temporary Asp.netFiles 0
Folder ownership/permissions 2
Access is denied - Win2003, IIS6, VB.NET, WORD COM object 6
Permissions "lost" on file.. how? 1
Vista (Home Prem) Permissions - Multiple Access to a Network Share 2
System.UnauthorizedAccessException: Access is denied 0
Permissions revert to full accesss to everyone 6

Top