Re: IIS with DOTNET 1.1

From: Ken Schaefer (
Date: 09/26/03

Date: Fri, 26 Sep 2003 11:25:13 +1000

I think you're pretty much good-to-go.

However, to get into the nitty-gritty of how ASP.Net security works, MS has
some pretty good guides out there, including this one:
Building Secure ASP.NET Applications: Authentication, Authorization, and
Secure Communication

which you can download as a PDF, or read online, or buy as a book. It covers
how ASP.Net actually works, security wise.


"Dimitrie" <> wrote in message
: I would like to install the DOTNET 1.1 FRMWRK on a production machine
: Win2k). It runs ASP and it's locked down with the IIS 2.1 LockDown Tool
: a bunch of few other tweaks. The intent is to start porting old ASP
: to ASPX. No web services intended.
: By simply installing the framework and not running any ASPX scripts is the
: machine still secure? Do I have to take any further steps to lock down the
: server?
: Can anyone point me to a Securing IIS5 and .NET guide or whitepapers?
: Or if you can briefly advise me on the steps it would be great.
: Thanks,
: Dimitrie