Re: IIS with DOTNET 1.1

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 09/26/03


Date: Fri, 26 Sep 2003 11:25:13 +1000


I think you're pretty much good-to-go.

However, to get into the nitty-gritty of how ASP.Net security works, MS has
some pretty good guides out there, including this one:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetlpMSDN.asp?frame=true
Building Secure ASP.NET Applications: Authentication, Authorization, and
Secure Communication

which you can download as a PDF, or read online, or buy as a book. It covers
how ASP.Net actually works, security wise.

Cheers
Ken

"Dimitrie" <dimitrie.agafitei@verizon.net> wrote in message
news:BB98817B.4AA%dimitrie.agafitei@verizon.net...
: I would like to install the DOTNET 1.1 FRMWRK on a production machine
(IIS5
: Win2k). It runs ASP and it's locked down with the IIS 2.1 LockDown Tool
and
: a bunch of few other tweaks. The intent is to start porting old ASP
scripts
: to ASPX. No web services intended.
:
: By simply installing the framework and not running any ASPX scripts is the
: machine still secure? Do I have to take any further steps to lock down the
: server?
:
:
: Can anyone point me to a Securing IIS5 and .NET guide or whitepapers?
: Or if you can briefly advise me on the steps it would be great.
:
:
: Thanks,
: Dimitrie
:
: