ASP.Net shared hosting & security

Discussion in 'ASP .Net Security' started by Andrea Pichler, Sep 19, 2003.

  1. Hello.

    I'm trying to set up a Win2003 server for hosting ASP.Net Applications in a
    Shared Hosting environment.

    With the "old" ASP I created a different anonymous account for each web site
    and restricted the NTFS permissions on system and website folders.

    With ASP.Net I set the <identity impersonate="true"/> in the machine.config
    file and the ASP.Net applications work with the user rights on the file
    system.

    My questions are:
    - Is there a way to set something like "nooverride" to prevent single web sites
    from changing this setting by editing the web.config file?
    - Is there something else to set to restrict the single ASP.Net
    applications?
    - I read that the Framework v.1.1 has enhancements for hosting and security.
    Is it true, and how can I use these enhancements in my scenario?
    - Is there a way to limit the available namespaces for the single .Net
    application (for example, I don't want users to load applications on my
    server that do port scanning of other hosts, applications that read
    Active Directory and so on)?


    Thanks
    Andrea
     
    Andrea Pichler, Sep 19, 2003
    #1

  2. richlm Guest

    IIS 6 has a new "application pool" feature which helps
    solve this type of problem.

    The app pool corresponds to a separate process hosted by
    IIS, and you can control which user account the process
    runs under.

    You could set up multiple accounts, with various levels
    of restriction on what the account can do on the machine.
     
    richlm, Sep 19, 2003
    #2
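
The "nooverride" behaviour asked about in the first post, as an added example that is not from either poster: ASP.NET configuration supports a `<location allowOverride="false">` wrapper in machine.config, and Framework 1.1 adds code access security trust levels set with `<trust>`. The choice of Medium trust is an assumption made for this illustration.

```xml
<!-- Added example: fragment for the machine-wide machine.config (ASP.NET 1.1). -->
<configuration>

  <!-- Weak: settings placed in an overridable block can be changed by any
       site's web.config, e.g. impersonation switched off or trust raised:
         <location allowOverride="true"> ... </location>
  -->

  <!-- Locked: with allowOverride="false", ASP.NET raises a configuration
       error when a site's web.config tries to set anything declared here.
       If machine.config already contains an <identity> or <trust> element,
       move it into this block rather than declaring it twice. -->
  <location allowOverride="false">
    <system.web>

      <!-- Requests run as the IIS-authenticated account, i.e. the per-site
           anonymous user described in the first post, so the NTFS ACLs on
           each site's folders keep applying. -->
      <identity impersonate="true" />

      <!-- Assumption: Medium is the trust level chosen for hosted sites.
           It applies the web_mediumtrust.config policy, which grants no
           socket permission and no unmanaged-code permission and limits
           file I/O to the application's own directory. Restriction is by
           permission, not by namespace. Leaving <trust> overridable would
           let a site set level="Full" for itself. -->
      <trust level="Medium" originUrl="" />

    </system.web>
  </location>

</configuration>
```

This complements the per-site application pool identity from the reply: the pool account bounds what the worker process can do at the OS level, while the trust level bounds what managed code may request.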