Re: Shared Hosting



The other thing that is interesting is that the OP mentions the use of the
ASPNET account. That would seem to indicate that they are using Windows
2000 instead of 2003. That seems like a questionable thing to be doing for
a professional hosting company.

If they were using 2003, they could put the application in its own app pool
and set that up to run with a specific identity easily. The app would be
isolated from the other apps on the server at the process level.

That approach seems to make much more sense to me.

Joe K.

"Dominick Baier [DevelopMentor]" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:4580be6316021c8c7c8a172ac3ef0@xxxxxxxxxxxxxxxxxxxxx
> Hello Mike,
>
> if the account has the needed ACLs - yes of course - this is possible
>
> give that a try:
>
> can you programmatically read from:
> C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files
>
> this is where ASP.NET compiles the page assemblies to and copies all other
> needed assemblies
>
> if you can read from this directory you can compromise every ASP.NET app
> on the server
>
> The only effective way of isolating applications is to use partial trust.
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> How secure is the .net framework in a shared hosting environment?
>>
>> I am discussing running a .net application with a hosting company and
>> they are reluctant to allow the aspnet user account write access to a
>> folder within my site. They are saying that this is insecure. I
>> believe that they are wrong but would like a more informed opinion.
>>
>> Is it possible for one site to access files from another site using
>> .net?
>>
>> Is there a better way of allowing an application to write to a folder
>> than giving the aspnet user write access?
>>
>
>
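
The read test suggested in the thread can also be run from the administrator's side as an ACL audit. The script below is an added example, not code from any of the posts. Its `-Path` and `-Expected` parameters are assumptions: pass the real Temporary ASP.NET Files directory (the framework version folder is elided in the thread) and the accounts that are supposed to have read access there.

```powershell
# Added example: list accounts with read access to a directory beyond an expected set.
param(
    # Assumption: the full path to the Temporary ASP.NET Files directory on this server.
    [Parameter(Mandatory = $true)]
    [string]$Path,

    # Assumption: identities that are allowed to read. Built-in account names are
    # localized on non-English Windows; adjust this list to match the server.
    [string[]]$Expected = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')
)

# ReadData is the bit that allows reading file contents (the compiled assemblies).
$readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

# Get-Acl reports generic rights on some inherit-only ACEs as raw numbers that do
# not map to the FileSystemRights enum: GENERIC_READ (0x80000000), GENERIC_ALL (0x10000000).
$generic = 0x80000000 -bor 0x10000000

$findings = foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
    # Deny entries never grant access.
    if ($ace.AccessControlType -ne 'Allow') { continue }

    $raw = [int]$ace.FileSystemRights
    $canRead = (($raw -band $readData) -ne 0) -or (($raw -band $generic) -ne 0)
    if (-not $canRead) { continue }

    $who = $ace.IdentityReference.Value
    if ($Expected -contains $who) { continue }

    # Anything left is an account outside the expected set that can read the directory.
    [pscustomobject]@{
        Identity    = $who
        Rights      = $ace.FileSystemRights
        Inherited   = $ace.IsInherited
        Inheritance = $ace.InheritanceFlags
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    "No unexpected read access on $Path"
}
```

On a server where every site runs under the same worker account, that account appears in the output and the directory is effectively shared between all hosted applications.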

