Minimum Permissions Required to Run ASP.NET

  • Thread starter Thread starter Corey B
  • Start date Start date
C

Corey B

I have a web server running IIS 6. The network security team here has
completely locked down the server. They have installed an application
called Cisco Security Agent (CSA). What CSA does is deny or allow
access to certain files and folders. Currently they have it set up
very restrictively so that it denies access to lots of files and
folders. I find that when I go to run any type of ASP.NET application
I receive error messages that say that the Network Service user can not
access a certain folder. So I contact the network security team and
tell them to give Network Service rights to that folder. Then I try my
application again. This time I get a message about a different folder.
So we go through the process again and they give the Network Service
user access to that folder - and so on. What I am looking for is
something like this:

For ASP.NET to function properly you must set the following folder and
file permissions:
C:\Windows\inetsrv Network Service Full
rights
C:\Windows\Microsoft\Framework Network Service Read
etc...

And so on...

Basically I am looking for a list of folders, files and users with
their corresponding rights that must be in place for ASP.NET to
function properly. This is an ASP.NET v1.1 application running on IIS
6. I am assuming that this makes a difference because I believe that
IIS 6 has different requirements than IIS 5. Can anyone help point me
to a list of folder permissions that are necessary just to run ASP.NET
on IIS 6?

Thanks,
Corey
 
Corey,

For ASP.NET 1.1 :

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetht01.asp

Skip over the initial stuff and go directly to "Table 1. Required NTFS permissions".

You may as well save the same info for ASP.NET 2.0 :

http://msdn2.microsoft.com/en-us/library/kwzs111e.aspx

It will come in handy at some point, I'm sure.




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
 
Juan,

Ah! Thanks so much for pointing me in the right direction. One more
question.

So it seems that the permissions are dependent on the version of
ASP.NET and not the version of IIS - correct? In other words - it
doesn't make any difference if I am running my ASP.NET v1.1 application
on IIS 5 or IIS 6 - the list of required permissions is the same.

The main difference between ASP.NET v1.1 and v2.0 is that it will run
under a different user context.

Am I understanding this correctly?

Thanks,
Corey
 
re:
if I am running my ASP.NET v1.1 application
on IIS 5 or IIS 6 - the list of required permissions is the same.
Right.

re:
The main difference between ASP.NET v1.1 and v2.0 is that it will run
under a different user context.
Click to expand...

True, as far as user context security goes.
There's tons of other operational differences, of course, but you know that. :-)

re:
Am I understanding this correctly?
Click to expand...

You got that absolutely right.




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
 
Back
Top