Suppose that I have these paths in my server with these permissions:

D:\httpdocs\
Allow: Everyone - full control (inherited from D:\)

D:\httpdocs\host1\
Allow: Everyone - full control (inherited from D:\), ASPNET - full control

D:\httpdocs\host2\
Allow: Everyone - full control (inherited from D:\), ASPNET - full control

Both D:\httpdocs\host1\ and D:\httpdocs\host2\ are also the document roots
of the IIS hosts, each folder for one host. If I have some ASP.NET pages
inside the host2 folder, and use ASP.NET System.IO to access the file system,
or use other classes for other work, then can I access the host1 folder's
resources from host2 by passing through the parent folder?

How can every IIS host document root directory be made safe, so that
every host can access only its own host's resources, with really independent
ASPNET permissions for each folder?

Re: Hi, a very important ASPNET permissions problem i need to make it clear by David

David
Thu Sep 09 11:42:18 CDT 2004


"Parco" <parco@nowlover.com> wrote in message
news:e0CBXlnlEHA.896@TK2MSFTNGP12.phx.gbl...
> Suppose that I have these paths in my server with these permissions:
>
> D:\httpdocs\
> Allow: Everyone - full control (inherited from D:\)
>
> D:\httpdocs\host1\
> Allow: Everyone - full control (inherited from D:\), ASPNET - full control
>
> D:\httpdocs\host2\
> Allow: Everyone - full control (inherited from D:\), ASPNET - full control
>
> Both D:\httpdocs\host1\ and D:\httpdocs\host2\ are also the document roots
> of the IIS hosts, each folder for one host. If I have some ASP.NET pages
> inside the host2 folder, and use ASP.NET System.IO to access the file system,
> or use other classes for other work, then can I access the host1 folder's
> resources from host2 by passing through the parent folder?
>
> How can every IIS host document root directory be made safe, so that
> every host can access only its own host's resources, with really independent
> ASPNET permissions for each folder?
>
You need to run each web site under its own account.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconASPNETImpersonation.asp

If you use anonymous requests in IIS and set the anonymous user in IIS at
the web site or application level, and set <identity impersonate="true"/> in
the web.config, each web site will run under its own user.

Remember to remove rights from ASPNET, since an application can always
change its web config or try to revert to self.

David
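
A read-only audit of the layout in this thread, added here as an example and not code from any poster: it lists every Allow entry on each document root that belongs to anyone other than the site's own account, and reports a site whose web.config does not enable impersonation. The account names `web_host1` and `web_host2` are hypothetical, and the script assumes web.config has no XML namespace on `<configuration>`.

```powershell
# Added example: read-only audit, nothing on disk is changed.
# Assumption: web_host1 / web_host2 are hypothetical per-site anonymous accounts.
$sites = @{
    'D:\httpdocs\host1' = 'web_host1'
    'D:\httpdocs\host2' = 'web_host2'
}
# Identities accepted on every document root besides the site's own account.
$alwaysOk = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM'

function Test-SiteIsolation {
    param([string]$Path, [string]$Account)

    $findings = @()
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $who  = $ace.IdentityReference.Value
        # Compare on the part after the last backslash so MACHINE\web_host1 matches.
        $name = $who.Split('\')[-1]
        if ($alwaysOk -contains $who -or $name -eq $Account) { continue }
        # Everyone (inherited from D:\) and ASPNET both end up here.
        $findings += New-Object PSObject -Property @{
            Path = $Path; Identity = $who
            Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited
        }
    }

    # The per-site anonymous user is only used if web.config asks for impersonation.
    $config = Join-Path $Path 'web.config'
    $impersonate = $false
    if (Test-Path $config) {
        $xml  = [xml](Get-Content -Path $config)
        $node = $xml.SelectSingleNode('/configuration/system.web/identity')
        $impersonate = ($null -ne $node -and $node.GetAttribute('impersonate') -eq 'true')
    }
    if (-not $impersonate) {
        $findings += New-Object PSObject -Property @{
            Path = $Path; Identity = '(web.config)'
            Rights = 'identity impersonate is not "true"'; Inherited = $false
        }
    }
    return $findings
}

$sites.GetEnumerator() |
    ForEach-Object { Test-SiteIsolation -Path $_.Key -Account $_.Value } |
    Format-Table Path, Identity, Rights, Inherited -AutoSize
```

Against the permissions listed in the original question, both folders report `Everyone` as an inherited entry and `ASPNET` as an explicit one; an isolated site reports nothing.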



Re: Hi, a very important ASPNET permissions problem i need to make it clear by Parco

Parco
Thu Sep 09 12:46:18 CDT 2004

But if I don't set the web.config, will they be independently safe?


"David Browne" <davidbaxterbrowne no potted meat@hotmail.com> wrote in message
news:%23zTH6volEHA.2680@TK2MSFTNGP15.phx.gbl...
>
> "Parco" <parco@nowlover.com> wrote in message
> news:e0CBXlnlEHA.896@TK2MSFTNGP12.phx.gbl...
> > Suppose that I have these paths in my server with these permissions:
> >
> > D:\httpdocs\
> > Allow: Everyone - full control (inherited from D:\)
> >
> > D:\httpdocs\host1\
> > Allow: Everyone - full control (inherited from D:\), ASPNET - full control
> >
> > D:\httpdocs\host2\
> > Allow: Everyone - full control (inherited from D:\), ASPNET - full control
> >
> > Both D:\httpdocs\host1\ and D:\httpdocs\host2\ are also the document roots
> > of the IIS hosts, each folder for one host. If I have some ASP.NET pages
> > inside the host2 folder, and use ASP.NET System.IO to access the file system,
> > or use other classes for other work, then can I access the host1 folder's
> > resources from host2 by passing through the parent folder?
> >
> > How can every IIS host document root directory be made safe, so that
> > every host can access only its own host's resources, with really independent
> > ASPNET permissions for each folder?
> >
> You need to run each web site under its own account.
>
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconASPNETImpersonation.asp
>
> If you use anonymous requests in IIS and set the anonymous user in IIS at
> the web site or application level, and set <identity impersonate="true"/> in
> the web.config, each web site will run under its own user.
>
> Remember to remove rights from ASPNET, since an application can always
> change its web config or try to revert to self.
>
> David
>
>