????? ??????? ??? ????? ASP.NET ?? ???? ??? ???????

???? ???????: 2698981 - ??? ???????? ???? ????? ????? ??? ???????.
????? ???? | ?? ????

?? ??? ??????

?????

???? ????? ASP.NET ????????? ??????? ??????? ??????? ?? ????? ??? ????? ??? ??? ??????. ??? ???? ?????? ??????? ????? ??????? ??????? ?? ???? ????? ??? ????. ????? ?? ????????? ??? ????? ??????? ????? ???????? ?? ASP.NET 2.0? ????? ??? ???? Microsoft Developer Network (MSDN) ??? ?????:
???????: ??????? "??? ??????" ?? ASP.NET 2.0
(http://msdn.microsoft.com/ar-sa/library/ff648344(en-us).aspx)
??? ????? ???? ??? ??? ????? ??????? ?? ASP.NET ??? ??? ???? ?????? ??? ??????? ?? ???? ??????? ?????? ??? ???? ??????? ??????? ?????? ??? ??????? ??? ?????? ??? ???? ???? ?????. ????? ?????? ????????? ??? ??? ?????? ?? ????? ????? ???? ??? ????? ASP.NET ?? ??? ??? ????? ?? ???? ????? ????? ?? ????????? ?????? ???? ???? ???? ??????? ????? ?? ??? ???? ????????? ????. 

???? ????? ??????? ???? ??? ???? ASP.NET ????? ???? ?????? ?????? ?????????? ?????? (???????? ?????? ??????? ??????) ??????? ?????? ?? ?????? ?? ????? ?? ??????? ???? ??? ???? ASP.NET ?????? ??? ???? ????? ????. ????? ????? ?????? ?????? ??? ????? ????? ??????? ?????. ??? ????? ??????? ?????? ???? ????????? ???? ???? ??? ????? ??????? ?? ??? ???????.
???? ??? ?????? | ????? ???????

??????? ????

??? ??? ?????? ?????? ????? ????????? ??????? ?? ??? ??????? ?????? ?? ??? ????????? ???????? ?? ????? ??????? ??????. ????? ??? ????????? ??? ??????? ASP.NET ??? ???? ??????? Windows Server 2003 SP2 ?????????? ??????. ???? ????????? ????? ??????? ?????? (IIS) ?? ??????? 6.0 ??? 7.5.

???? ????? ?????? ?? ?????? ???????? ??? ???????? ???????? ???? ??? ????? ?? IIS AppCmd.exe
(http://learn.iis.net/page.aspx/114/getting-started-with-appcmdexe)
?? IIS ??????? 7 ?7.5 ????????? ????? ????? IIS ??????
(http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/1805162e-6ac5-4a98-9a08-919c4c10827d.mspx?mfr=true)
?? IIS 6.0.

????? ??? ????????? ??? ????? IIS ??????

?? ???? ??????? ??????? ??? ??? ????????? ??? ????? IIS ??????. ??? ??? ??????? ???? ???? ??? ????????? ??? ????????? ??? ????? ??????. ???????? ??? ???? ????? ???? .NET Framework CLR ???????. ????? ??? ????? ??????? ??? ??? ???????.

???? ?? ????? ??? ???? ?????? ???? ??????? ???????:

????? ??????? ?????? 6.0 (Windows Server 2003 SP2)

  1. ???? ????? ????? ??????? ???????? (IIS).
  2. ?? ????? ??????? ?? ?????? ?????? ?????? ??????.
  3. ???? ??? ?????? ?????? ??? ???? ????? ?????? ????? ??? ????? ?? ???? ??? ???? ?????.
  4. ???? ??? ??????.
  5. ???? ????? ?????? ????? ????? ??????? ?? ???? ??? ??????.
  6. ?? ?????? ????? ?????? ????? ?????????.
  7. ???? ?????? ?????? ?????? ???? ??? ??? ????? ????? ???????.
  8. ???? ?????? ???? ???????? ????? ??????? ?????? (??? ASP)? ?? ???? ??? ??????.
  9. ???? ??? ?????. ???? ?????? ?????? ??? ???? ????? ?????.

Internet Information Services 7 (Windows Vista SP2 ?Windows Server 2008 SP1) ?Internet Information Services 7.5 (Windows 7 ?Windows Server 2008 R2)

  1. ???? ????? ????? ??????? ???????? (IIS).
  2. ??? ????? ???????? ?? ?????? ?????? ?????? ??????.
  3. ??? ???? ???????? ?? ???? ??? ???????? ????? ???? ??? ??? ????? ???????.
  4. ??? ???? ?????? ????? ???? ???? ???? ????? ?????? ????? ????? ??????? ?? ???? ?????? ?????? ?????? ???? ??? ????? ????? ??????? ????. ?????? ????????? ??????????? ??? ????? ????? ????? ???? ???? ??? ??? ??????? ???? ????? ?????? ???????? ????? ??????? ???. (???? ?? ??????? ?????? ??.)
  5. ?? ?????? ????? ?????? ????? ?????????.
  6. ???? ?????? ????? ???? ???????? ??? ????? ???? ????? ?? ????? ?????? ?? ??? ???? ?????? ??? ??? ????? ??????? ????? ??????? ???.
  7. ???? ??? ?????. ???? ?????? ???? ?? ?????? ??? ?????? ??????? ?? ????? ???????.

????? ??? ????????? ?? ??????? ????? ??????

?? ???? ??????? ??????? ??? ??? ????????? ?? ??????? ????? ??????. ???? ??? ???? ????????? ??? ?????? ???? ????? ?????? ?????. ????? ??? ????? ??? ?? ???? ??? ???. (??? ????? ?????? ????? ????? ????? ???? ??????? ?????).

????? ??????? ?????? 6.0 (Windows Server 2003 SP2)

  1. ???? ????? ????? ??????? ???????? (IIS).
  2. ?? ????? ??????? ?? ?????? ?????? ?????? ??????.
  3. ???? ??? ?????? ?????? ??? ?????? ?????????? ???? ??? ????? ?? ???? ??? ???? ?????????.
  4. ???? ????? ?????? ????? ????????? ??????? ?? ???? ??? ?????.
  5. ?? ?????? ?????? ????? ?????.
  6. ???? ??? ?????? ?????? ??? ???? ????? ?????? ?? ???? ??? ?????.
  7. ???? ??? ????? ??????? ?????? ???????.
  8. ??? ????? ???? ????????? ?? ????? ?????? ?? ???? ??????? ??? ???? ????????? ??????.
  9. ???? ??? ?????.

Internet Information Services 7 (Windows Vista SP2 ?Windows Server 2008 SP1) ?Internet Information Services 7.5 (Windows 7 ?Windows Server 2008 R2)

??? ????? ??????? ???????? ?? ????? "????? ??? ????????? ??? ????? IIS ??????"? ??? ??? ?????? ?????? ???????? ??? ????? ??????? ???? ??????. ??? ????? ?? ???? ??? ??? ??? ???? ????? ???? ???? ???????? ????? ??????? ???? ??????? ????? ??????? ???????: 
  1. ???? ????? ????? ??????? ???????? (IIS).
  2. ??? ????? ???????? ?? ?????? ?????? ?????? ??????.
  3. ??? ?????? ?????? ?????????.
  4. ??? ????? ???????? ???? ??? ???????? ????? ???? ???????.
  5. ???? ????? ?????? ????? ????????? ???????? ?? ??? ????? .NET Framework ???? ??????.
  6. ???? ??? ?????. ??? ??? ???? ????????? ?????? ?? ???????.
  7. ??? ????? ???????? ?? ?????? ?????? ???????.
  8. ??? ?????? ???? ???? ?? ???? ??? ????? ????????? ???? ??? ??????? ?????? ???? ??? ?????????.
  9. ??? ????? ???????? ???? ??? ???????? ????????? ????????.
  10. ??? ???? ?????? ????? ????? ???? ??? ?????.
  11. ??? ??????? ???? ?????????? ??? ???? ????????? ???? ??? ??????? ??????.
  12. ???? ??? ?????.
??? ???? ?????? ????? ????? ???? ??? ?????.

????? ????? ?????? ????????? ????? (???? ???????)

?? ?????? ????????? ?????? ????????? ???????? ???????? ?? ????? (?? ??????) ???? ??????? Windows. ????? ?????? ???? ???? ????? ??????? ?????? ???????. ?? ???? ??????? ??????? ??? ???? ???? ?????? ??? ?????. ???? ??? ????? ?? ????? ??? ???? ???? ????. ???? ??? ?????? ????? ?????? ???????? ????? ?????? ??????? ?????????? (DACL) ????? ????? ????? ?????? ??? ??????? ??????? ????? ??????? ???????. ?????? ???? ?????? ?? ????? ???? ??????? ???????? ??? ??????? ???? ??? ???????.

Internet Information Services 6.0 (Windows Server 2003 SP2)

????? ???? ?????? ???? ????????? ????? ???? ???????
  1. ???? ????? ????? ??????? ???????? (IIS).
  2. ?? ????? ??? ?????? ??????? ?? ?????? ?????????? ???????? ??????????.
  3. ???? ??? ?????? ?????? ??? ?????? ??????????? ?? ???? ??? ?????? ????.
  4. ???? ????? ?????? ????? ???? ???? ????? ???????? ??????.
  5. ???? ?????? ????? ???? ???????? ??? ??? ???????? ????? ???? ?????? ??? ????? ?????? ?? ????? ???????.
  6. ???? ?????? ???? ???????? ?? ???? ???????? ????? ???? ??????.
  7. ???? ??? ?????? ?? ???? ??? ?????.
  8. ?? ????? ??????? ??? ?????? ??????????. ???? ?????? ?????? ?? ???????.
?? ?????? ???? ????????? ???????? ???? ?????? ???? ????
  1. ???? ????? ????? ??????? ???????? (IIS).
  2. ?? ????? ??????? ?? ?????? ?????? ?????? ??????.
  3. ?? ?????? ?????? ?????? ?????????.
  4. ???? ??? ?????? ?????? ??? ???? ????????? ?????? ?? ???? ??? ?????.
  5. ???? ??? ????? ??????? ??????.
  6. ??? ?? ?????? ???? ???????.
  7. ???? ??? ???????? ????? ?????? ?????? ??????.
  8. ???? ??? ?????.
  9. ??? ????? ???? ?????? ?? ???? ?????? ????? ???? ??????? ?? ???? ??? ?????.

Internet Information Services 7 ?7.5 (Windows Vista SP2 ?Windows Server 2008 SP1 ?Windows 7 ?Windows Server 2008 R2)

  1. ???? ????? ????? ??????? ???????? (IIS).
  2. ??? ????? ???????? ?? ?????? ?????? ?????? ??????.
  3. ??? ?????? ?????? ?????????.
  4. ??? ???? ????????? ?????.
  5. ??? ????? ???????? ???? ??? ???????? ??????? ??????.
  6. ??? ????? ????? ?????? ?? ?????? ??????? ???? ???? ??? ApplicationPoolIdentity. ???? ??? ??????? ???????? ??? ????? ???? ????? ???? ?????? ?? ?????????. ??? ??????? ???????? ????? ??????? ??? ?????? ??????? ?????? ??????? ??????? ?????? ??????? (DACL) ?? ????? ????? ???? ????? ??????? ?????? ????.
  7. ???? ??? ?????.

????? ????? ????? DACL ??? ????? ????? ???????

???? ??????? ??????? ?????? ??????? (DACL) ????? ?? ????? ????????? ???????? ????? ????? ????????? ?????? ??????? ??? ??????. ?? ??????? ????? DACL ?????? ?????? ??? ????? ??????? ????? ?? ????? ????? ??? ??????? ????????? ??? ???? ????? ????. ?????? ??? ???? ?? ????????? ??? ????? ?????? ??????? ?????? IIS? ???? ????? ??????? ?? IIS ?? ???? ??????? ??????? ?????? ??????? ?????? ????? ???????
(http://learn.iis.net/page.aspx/583/secure-content-in-iis-through-file-system-acls)

???? ??????? IIS

  1. ???? ?????? ????? ?????? ?????? ?? ???? ??????? ?? ?? ?????? Windows.
  2. ???? ???? ?? ???????? ??????? ?????? ??????? ??? ???? ??? ????? ???? ??????. (???? ????? ?????? ??????????).
    • ??? ?????? Windows? ???? ??? ?????? ?????? ??? ??????? ?? ??? ?????? ?? ???? ??? ????? ??????? ??????? ?? ?? ?????? ????? ?????? ???????.
    • ??? ???? ???????? ?????? ?????? ???????? icacls.exe
      (http://technet.microsoft.com/en-us/library/cc753525(WS.10).aspx)
      (?? cacls.exe ??? ????????? ?????? ?? ???? ??????? Windows) ?????? ????? ?????? ???????.
  3. ?? ?????? ????? ???? ????? ??????? ???? ?????? ??????.
  4. ?? ?????? ?????? ??????? ??????? ?????? ?? ???????? ??????? ???????? ??? ??????.
??? ??? ???? ?????? ???? ????? ?????? ??????? ?? ??????? (??? ???? ??????? ?????? "?????? ?????")? ???? ??????? ???????:

????? ??????? ?????? 6.0 (Windows Server 2003 SP2)

  1. ??? ?????? Windows? ???? ??? ?????? ?????? ??? ??????? ?? ??? ?????? ?? ???? ??? ????? ??????? ????? ?? ?? ?????? ???? ????? ????? ???????.
  2. ??????? ???????? ???? ????? ??? ????? ???? (????? ???????? ?????? ??????)? ???? ??????? ???????:
    1. ???? ????? ????? ??????? ???????? (IIS).
    2. ?? ????? ??????? ???? ??? ?????? ?????? ??? ??? ?????? ???????? ?? ???? ??? ?????.
    3. ???? ??? ????? ??????? ????.
    4. ??? ??????? ?????? ???????? ??? ???.

Internet Information Services 7 ?7.5 (Windows Vista SP2 ?Windows Server 2008 SP1 ?Windows 7 ?Windows Server 2008 R2)

  1. ??? ?????? Windows? ???? ??? ?????? ?????? ??? ??????? ?? ??? ?????? ?? ???? ??? ????? ??????? ????? ?? ?? ?????? ???? ????? ????? ???????.
  2. ??????? ???????? ???? ????? ??? ????? ???? (????? ?????? ???? ?????)? ?? ?????? ????? ????? "web.config" ?????? ???? ?? ???? ???? ???????? ????? ?? ??????? accessPolicy: 
    <system.webServer> <handlers accessPolicy="Read,Write" /> </system.webServer>

????? ????? ???? ???? ????? ASP.NET ???? ?????? ????? ????? ?????? ??????? ?????????? ??? ????

????? ASP.NET ?????? ??? ?????? ?????? ???????? ??????? ??? ??????? ???????. ???? ??? ????? ???? ????? ASP.NET ??????. ????? ????????? ??????????? ??? ??? ?????? ??? ?????? ???? ?? ?? ????? .NET Framework ????? ????? ???? ???? ????? ??? ???? ?????? ?????? ??????? ???? ????? ??? ????? ????? ??? ??????? ????????? ??? ???? ????? ????. ????? ?? ????????? ??? ???? ????? ASP.NET ??????? ???? ??? ????? ASP.NET ??????????
(http://msdn.microsoft.com/ar-sa/library/ms366723.aspx)
.

????? ????? ???? ???? ????? ASP.NET ??? ????

  1. ?? ?????? ???? ???? ??? ???? ?????? ????? ASP.NET ??????? ???? ?????? ?? ?????? ??????? ???? ????? ??? ?????? ?????? ??????? ???????.
  2. ??? ??? ????? ????? ??????? web.config ?? applicationHost.config? ?? ?????? ????? ??????? ??? ???? ?????? ?????? ???? ?????? ?????? ???????? ???? <?????>? ??? ?? ???: 
    <configuration> <location path="path"> <system.web> <compilation tempDirectory="temp-files-path" /> </system.web> </location> <!-- and so on --> </configuration>

????? ????? ????? ?????? ??????? ?????????? ???????? ??? ???? ???? ????? ASP.NET ???????

  1. ?????? ???? ??????? ?? ?????? Windows ?????? ???????? ??? ???? ??? ????? ???? ??????. (???? ????? ?????? ??????????).
  2. ?? ?????? ????? ???? ????? ??????? ???? ??? ???????? ???? ?????? ??????? ?? ?? ?????? ??? ?????? ?????? ?????? ??? ??? ?????? ?? ?????? ???????.

????? ????? ?????? ??????? ??????? ?? ????? ??????? ?????

??? ????? ??????? web.config ??? ???? ??????? ??????? ???? ??? ?????. ???? ??? ??? ???? ASP.NET ???? ??????? web.config? ????? ????? ?? ?????? ??? ????????? ??????? ?????? ??? ??????? ????? ?????? ?????? ??????? ???? ??? ??????? ??????? ???? ???? ???????. ???? ??? ??? ????? ???? ?? ????? ?? ?????????.

Internet Information Services 6.0 (Windows Server 2003 SP2)

???? ????? ??????? ??????? ??????? ?????? ???? ??? web.config ????? ??? ??????? ????? ???? ???????? ??? ??????? ????????? ???? ??? ???? ??????? ????? ??????? ???? ??????? ??? ??? ?????. ?????? ??? IIS 6 ??? ????? ??????? ?????? ?? ??? web.config ??????? ????? ??. ???? ??? ??????? ??????? ??? ??????? ?????? ?? ???? ?????. ??? ??? ??????? ?????? ??????? ??? ?????? ASP.NET ???? ??? ??????? web.config ?? ????? ??????? ?? ??? ????? ?? ????????? ???????.

Internet Information Services 7 ?7.5 (Windows Vista SP2 ?Windows Server 2008 SP1 ?Windows 7 ?Windows Server 2008 R2)

??????? ?? IIS 7 ?????????? ??????? ?? ???? ??????? ?????? ??????? ?? ??? IIS applicationHost.config ??? ???? <??????> ???? ???? ??? ????? ??????? ??? ?????? ???? ????? ????. ?????? ??? ???? ?? ?????????? ???? ????? ??????? ??????? ?? ????? IIS 7.0
(http://learn.iis.net/page.aspx/145/how-to-use-locking-in-iis-configuration/)
. ???? Microsoft ????
(http://technet.microsoft.com/en-us/security/bulletin/policy)
??????? ??????? ??????? ????? ???? ???????? ?? ????? ???????:
???? ??? ?????? | ????? ???????
?????? ??? ????? ?? ????? "????? ??????" ?? ??????? ??????? ?? ???? ????? ????? ?????? ?? Microsoft. ??? ????? ????????? ??????? ??? ????????? ???????? ???????. ??????? ????????? ?? ????? ??? ???????? ??? ????? ?????? ??????? ??? ??? ??? ??????? ???????? ??? ??? ???????? ?? ?? ??? ???? ????? ????. ???? ???? ?????????
(http://go.microsoft.com/fwlink/?LinkId=151500)
?????? ?????????? ??????.
???? ??? ?????? | ????? ???????

???????

???? ???????: 2698981 - ????? ??? ??????: 17/???/1433 - ??????: 1.0
????? ???
  • Microsoft .NET Framework 4.0
  • Microsoft .NET Framework 2.0 Service Pack 2
  • Microsoft .NET Framework 1.1 Service Pack 1
  • Microsoft .NET Framework 1.0 Service Pack 3
????? ??????: 
atdownload kbinfo kbexpertiseinter kbsecurity KB2698981
???? ??? ?????? | ????? ???????

????? ???????

 
???? ??? ?????????? ??? ??????