Re: ASP.NET Authentication

I considered going with the <authorization/> it just seemed inefficient to
include user names in a file instead of directly on the folder.

So if I take that approach then I still need to give Network Services access
to the folder in Explorer, and in web.config a list of users allowed to view
the app? Can I list network groups? And only those will be able to view it?
Since setting permissions has become more complicated than just adding users
to the directory itself, I fully expect that you have to list everyone that
is denied.

I ran into some info on ACL elsewhere, but all I know is that it stands for
Access Control List. From where do you access this?

Tahnks for your help.

Joe Kaplan (MVP - ADSI) wrote:
>If you are using Windows authentication, it might be easier to just use the
><authorization/> element in the web.config file to specify allow/deny lists
>for your application than to resort to file system ACLs. ACLs give you
>defense in depth and are a good idea, but the <authorization/> element is
>sufficient for what you want.
>
>If you mess with ACLs, remember that the worker process identity still needs
>to be able to read the files too.
>
>Joe K.
>
>> I'm now well beyond frustration.
>>
>[quoted text clipped - 48 lines]
>> Can anyone shed some light. It seems like this should be such a simple
>> process.

--
Message posted via DotNetMonster.com
http://www.dotnetmonster.com/Uwe/Forums.aspx/asp-net-security/200512/1
.

Relevant Pages

  • Re: Users denied access to my documents
    ... it should have the same acl as say, any profile root folder, ... domain users is the same as users on a windows client. ... There are a set of 3 acls which grant users access. ...
    (microsoft.public.windows.file_system)
  • Re: More before-the-fact advice for 2K and XP?
    ... > I believe you keyed in too much on the first mention of temp ... That was a standalone comment. ... The temp folder in %systemroot%\temp was a nasty point of contention when ... it looks like the ACLs in that folder are perfect for me. ...
    (microsoft.public.security)
  • Any reason NOT to remove "CREATOR OWNER" from NTFS ACL?
    ... SID "CREATOR OWNER" from the default ACLs in NTFS. ... granting users "change" on a folder, user creates new folder, user ... I can't see any reason to keep "CREATOR OWNER" ...
    (microsoft.public.windowsxp.security_admin)
  • Re: XP Pro file permissions
    ... File and Folder Permissions ... >> Since the administrator account in question is also a member of the ... the DENY ACL and any other ACLs will take place. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Security tab not showing up in File Properties
    ... a new folder and delete the old one to generate new ACLs. ... option might be to edit the permissions on a parent folder and choose ... then remove your ability to take ownership by somehow corrupting the ...
    (microsoft.public.win2000.security)