Re: Restricting Dot Net Access on a hosted server



use IIS6 and separate the apps in different worker processes with different identities - then ACL the files appropriately

or use partial trust

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

A while back I had a customer that wanted to host a Dot Net web site
on one of my servers. We went ahead and installed v1.1, the customer
was happy and didn't seem to have any problems. Then we had a second
customer who wanted Dot Net on their web site and we found that the
two users could then browse each other's sites because the ASP.NET user
account needed access to both their folders. If we put a script in to
browse the hard drive, copy files, etc., it was able to pull data from
the other site. Without Dot Net, we could prevent this in IIS/NT by
creating separate anonymous user accounts for the two sites and
restricting access via NTFS so that the anonymous users only had
access in the appropriate folders on the disk.

Is there a way to restrict this now in Dot Net? I have a user that
wants to put an Access database on a Dot Net enabled web site and
wants to make sure no one else can get to it - including other Dot Net
users on the same server. If there is a way to prevent this, where
should I be looking?

Thanks,
-Jeff
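
The "partial trust" option from the reply, sketched as a machine-level configuration fragment. This is an added example, not part of the original posts; it assumes the stock ASP.NET `<trust>` element and the built-in Medium level, applied server-wide in the framework's machine-level config file.

```xml
<!-- Shipped default: every application runs with Full trust, and any
     site's own web.config is allowed to change the level. Code in one
     site can then do whatever the worker-process account can do on disk. -->
<location allowOverride="true">
  <system.web>
    <trust level="Full" originUrl="" />
  </system.web>
</location>

<!-- Hardened: force Medium trust for all sites and lock the setting so a
     customer's web.config cannot raise it again. Under Medium trust the
     file I/O permission is scoped to the application's own directory
     tree, so a script in site A cannot browse or copy site B's files
     even though the same Windows account has NTFS access to both. -->
<location allowOverride="false">
  <system.web>
    <trust level="Medium" originUrl="" />
  </system.web>
</location>
```

The built-in Medium level does not grant OleDbPermission, so a site that opens an Access database through OleDb needs either a custom trust policy that adds it or the other option from the reply: one IIS6 worker process per customer, each under its own identity, with NTFS ACLs limited to that customer's folder.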

