Re: ASPNET User Problem in Shared Hosting Environment

From: Easymoney (easy@money.net)
Date: 06/28/02 

From: "Easymoney" <easy@money.net>
Date: Fri, 28 Jun 2002 13:58:35 -0400

I'm doing some testing right now, but it looks like the trick is to set up
each user with their own application on the server. (you should be doing
this anyway) I have tried using an include file in one directory to access a
file in another directory. This was successful until I made the directory
with the include file an application. Then it could only include files from
within the application. I believe what is happening is the .Net Framework
security steps in at this point as the application becomes an "assembly" and
checks evidence. I think that's the correct verbage.

Still in test mode so your milage may vary.

"M. Shawn Dillon" <nollids@moc.ovc-erutrepa> wrote in message
news:ulbyvxgHCHA.1728@tkmsftngp09...
> From this I gather that shared hosting is not supported or recommended
> unless you are willing to give all of your customers the ability to trash
> your machine or other customer's sites. Trustworthy computing indeed...
>
> "Ben Miller [MS]" <benmi@online.microsoft.com> wrote in message
> news:#vgSaOZHCHA.1712@tkmsftngp08...
> >
>
http://www.msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetse
> > c/html/V1securitychanges.asp?frame=true
> >
> > Watch for URL wrap. This should give you an idea of what this is all
> about.
> >
> > Ben Miller
> > This post is provided "AS IS" and confers no rights or warranties.
> >
> > "Ely Lucas" <ely@cmconline.com> wrote in message
> > news:uhhpa6p7u09c2@corp.supernews.com...
> > > Hello,
> > >
> > > I am trying to setup a win2k server that will be used for shared
hosting
> > > services, and am trying to figure out how asp.net is going to be able
to
> > run
> > > secure on the server.
> > >
> > > In the asp days, you would give each website its own IIS_User account
to
> > run
> > > under, and give that user RWXD permission to it's web root folder. You
> > would
> > > remove the Everyone group and also give the admin group full
permission
> on
> > > the folder. This would keep users who are developing apps that are
going
> > to
> > > be hosted on that machine from poking around in each others
directories
> > with
> > > the file scripting object, include files, etc...
> > >
> > > With asp.net, it seems like everything is ran under the ASPNET user
> > account.
> > > The problem here being, the ASPNET account needs Read permission to
> every
> > > site on the server so it can monitor file changes and such for the
> > > framework.
> > >
> > > When a user runs an aspx page, it runs under the ASPNET account that
has
> > > read permissions to everyone elses aspx pages. So anyone can do a <!--
> > > #Include File="c:\inetpub\site1\allmylovelypasswords.aspx" --> into
> > someone
> > > elses directory and get their source code. And that is just the
> > beginning...
> > >
> > > I have messed around the Impersonation, and set the machine.config up
as
> > > follows:
> > >
> > > <identity impersonate="true" />
> > >
> > > And when this happens, it seems like it is working, because when I do
a
> > >
> > > Response.write(WindowsIdentity.GetCurrent().Name)
> > >
> > > it returns my IIS_User for that particular site that I have setup in
the
> > IIS
> > > MMC. However, this site is still able to browse through and view any
> > > resource on the hard drive that the ASPNET user has access to (which,
> > > remember, has to be all the aspx pages on the entire server, the
> > > Microsoft.NET folder, and more).
> > >
> > > So, I guess what I am wondering is, what is the best practice for
> setting
> > up
> > > asp.net in a shared hosting environment? What are all the big hosts
> doing
> > > out there? What does Microsoft have to say about this (there are no
docs
> > at
> > > all in their web hoster program)?
> > >
> > > Thanks,
> > > Ely
> > >
> > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Network shares cannot connect
    ... User Name: SERVER$ ... Regarding the shares accessing problem, I suggest you try following steps ... let's focus on the Users Shared Folder first. ... To check this permission, please click the Advanced button, select ...
    (microsoft.public.windows.server.sbs)
  • Re: Network shares cannot connect
    ... Changed value to 0 just waiting to re-boot the server and test logins. ... Workstation Name: - ... let's focus on the Users Shared Folder first. ... To check this permission, please click the Advanced button, select ...
    (microsoft.public.windows.server.sbs)
  • Re: Network shares cannot connect
    ... Changed value to 0 just waiting to re-boot the server and test logins. ... Workstation Name: - ... let's focus on the Users Shared Folder first. ... To check this permission, please click the Advanced button, select ...
    (microsoft.public.windows.server.sbs)
  • Re: Long delay before Drives & Files appear in My Computer & Address Bar
    ... > SERVICE JEFF-DZP8HX39G2 The machine-default permission settings do not ... > grant Local Activation permission for the COM Server application with ... > Ratcliff JEFF-DZP8HX39G2 The Adobe LM Service service was successfully ... > within the required timeout. ...
    (microsoft.public.windowsxp.help_and_support)
  • RE: Documentation of servers, directories, software ???
    ... If the parent folder has the proper permission and you have configured the ... Microsoft Global Technical Support Center ... we just lost track of that the end users put on on the server. ...
    (microsoft.public.windows.server.migration)