Article ID: 815153
This step-by-step article describes how to configure NTFS file permissions for the security of an ASP.NET application.
One common method to lower the risk that is associated with hosting a publicly accessible ASP.NET application is to restrict NTFS permissions on the application’s files. Only those accounts that must have access to a specific file in an ASP.NET application are listed in the file’s access control list (ACL). Additionally, accounts that appear in the ACL must have the minimum authorization that is required for the application to run correctly. For example, when the user must have Read permission to run an application, do not grant Write permission.
This article describes the minimum permissions that users must have for an unauthenticated ASP.NET application to run for common file types. As you change settings, restart the ASP.NET application periodically, and then test it to verify that the application runs as expected. Permission changes to files that have already been successfully requested may not take effect until you restart the application.
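The rule above (list only the accounts that need access, and grant Read rather than Write where Read is enough) can be checked by auditing the ACLs under the application directory. The following PowerShell is an added example, not part of the original article; the demo directory, the `Get-ExcessWriteAce` function name and the list of accounts that are allowed to write are assumptions.

```powershell
# Added example: report ACL entries that grant more than read access.
# Constructed sample tree so the script runs as-is; set $AppRoot to a real
# application directory (hypothetical here) when auditing.
$AppRoot = Join-Path $env:TEMP 'AclAuditDemo'
New-Item -ItemType Directory -Path $AppRoot -Force | Out-Null
'<configuration/>' | Set-Content (Join-Path $AppRoot 'web.config')
'<%@ Page %>'      | Set-Content (Join-Path $AppRoot 'Default.aspx')

# Constructed over-permissive entry: Modify where Read would be enough.
$target = Join-Path $AppRoot 'Default.aspx'
$acl  = Get-Acl -LiteralPath $target
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            'BUILTIN\Users', 'Modify', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $target -AclObject $acl

# Rights that change content or the ACL itself, plus the raw GENERIC_ALL and
# GENERIC_WRITE bits that can appear in inherit-only entries.
$specific  = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteMask = $specific -bor 0x10000000 -bor 0x40000000

function Get-ExcessWriteAce {
    param([string]$Path, [string[]]$AllowedWriters)
    Get-ChildItem -LiteralPath $Path -Recurse -Force | ForEach-Object {
        $file = $_.FullName
        foreach ($ace in (Get-Acl -LiteralPath $file).Access) {
            $grantsWrite = ([int]$ace.FileSystemRights -band $WriteMask) -ne 0
            if ($ace.AccessControlType -eq 'Allow' -and $grantsWrite -and
                $AllowedWriters -notcontains $ace.IdentityReference.Value) {
                [pscustomobject]@{
                    Path      = $file
                    Account   = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Assumption: only these accounts are expected to hold write access. The
# current user is included because the demo files live in that user's profile.
$me      = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$allowed = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', $me)
Get-ExcessWriteAce -Path $AppRoot -AllowedWriters $allowed | Format-Table -AutoSize
```

The `Inherited` column shows whether a flagged entry was set on the file itself or comes from a parent folder, which is where it has to be corrected.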
For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
315736 (http://support.microsoft.com/kb/315736/EN-US/) HOW TO: Secure an ASP.NET Application by Using Windows Security
315588 (http://support.microsoft.com/kb/315588/EN-US/) HOW TO: Secure an ASP.NET Application Using Client-Side Certificates
818014 (http://support.microsoft.com/kb/818014/EN-US/) HOW TO: Secure Applications That Are Built on the .NET Framework