Ask a Question related to ASP.NET Security, Design and Development.
-
Chris Leffer #1
Configuring security for a site in Windows 2003
Hi.
I am developing my first web site using asp.net and IIS 6 and have some
doubts about security. My site will be available on the internet and my
users won't use windows integrated security. The authentication process
relies on a database and forms authentication. But I also wants to
restrict unauthorized access from people inside my department, to the
folders of the application, and I think that NTFS security can be the
way to go. My question is, how exactly should I configure NTFS security
to allow only me and another programmer to write to this folder? Will it
avoid that my internet users writes to the folders too? At this moment,
I see that several accounts (network services, guest, administrators...)
have access to the folders. Is it ok?
Thanks for your time and sorry for the basic questions.
Chris Leffer
*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!
Chris Leffer Guest
-
Application Event Log security issue on Windows 2003
Hi, Does anyone know how to get this to work? Application Event Log does not work with (C++ COM) components that I call from ASP pages on... -
Advanced Security Error 14 Windows 2003
All, I currently am building a new ColdFusion 5.0 Server box running on Windows 2003 w/SP1. the server is running fine and pages are rendering,... -
Security/Permission issue with OWC 11.0 on a Windows 2003 server
Hi all, I've got what I think is a security/permission issue related to using the OWC 11 components on a Windows 2003 server. My web app has a... -
ASP.NET Crystal security issue windows server 2003
Hi, The crystal reports viewer for asp.net doesn't work in windows server 2003 when the server is a domain controller. All I get is red exes... -
file.exists and security on windows 2003 server
Hello, We have moved our ASP.NET web application from Windows 2000 server to windows 2003 server. However, the file.exists method that checks... -
Raterus #2 Re: Configuring security for a site in Windows 2003
Chris,
Look over this article until you get it, this is how you will want to do it as far as your asp.net application is concerned. NTFS permissiosn is your last line of defence and should be configured as additional security, but hopefully your asp.net application will behave well enough that people can only do what you configure them to do, regardless of NTFS permissions.
[url]http://aspnet.4guysfromrolla.com/articles/082703-1.aspx[/url]
--Michael
"Chris Leffer" <chrisl@wank.com> wrote in message news:%23Ync$ruhEHA.2812@tk2msftngp13.phx.gbl...> Hi.
>
> I am developing my first web site using asp.net and IIS 6 and have some
> doubts about security. My site will be available on the internet and my
> users won't use windows integrated security. The authentication process
> relies on a database and forms authentication. But I also wants to
> restrict unauthorized access from people inside my department, to the
> folders of the application, and I think that NTFS security can be the
> way to go. My question is, how exactly should I configure NTFS security
> to allow only me and another programmer to write to this folder? Will it
> avoid that my internet users writes to the folders too? At this moment,
> I see that several accounts (network services, guest, administrators...)
> have access to the folders. Is it ok?
>
> Thanks for your time and sorry for the basic questions.
>
> Chris Leffer
>
> *** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
> Don't just participate in USENET...get rewarded for it!Raterus Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
