Sanjay Poojari
Hi All,
Need some advice on some of the security issues in my ASP.Net application.
There are certain tasks that I need to implement so need advice/guidance on
them as well as safeguards that I should implement. The application would
be typically running on Windows Server 2003 with IIS6 with .Net framework
1.1.
1. My application saves its settings to the registry. I know that by
default the Aspnet user does not have rights to edit the registry. My
workaround is that I changed the user in processmodel from "machine" to
"SYSTEM" in the machine.config file. Also in case of 2003 Server, I have to
explicitly grant full rights to the aspnet user to the registry.
Somehow I feel that this solution is not a good one and has the potential
for making the web server unsafe. Any other solutions/workarounds for this
problem?
2. My application needs to read/write/create directories from the file
system on the webserver. I have to explicitly grant the aspnet user full
access to the directories in question. Any other elegant solution to this
issue?
Also, in Windows Server 2003, this does not work if the directory is located
inside the "Program Files" directory. It does not work even when the aspnet
user is added to the Administrators group. Why could this be happening?
Any suggestions/pointers would be appreciated.
Thanks in advance,
Sanjay