Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
How to configure URLScan to protect ASP.NET Web applications
Article ID: 815155 - View products that this article applies to.
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/dd450371.aspFor more information about IIS 7.0, visit the following Microsoft Web site:
This step-by-step article describes how to configure the URLScan security tool to protect ASP.NET Web applications.
URLScan is an Internet Server API (ISAPI) filter that screens and monitors HTTP requests for Internet Information Server 4.0, Internet Information Services 5.0, and Internet Information Services 5.1 (IIS). URLScan is used to reduce the exposure of IIS to potential Internet attacks.
By default, URLScan does not make special accommodations for file name extensions that ASP.NET Web applications use. You can change the URLScan configuration to add an extra layer of security for these applications. You must disable or enable different file name extensions for application level tracing, XML Web services, and remoting.
back to the top
back to the top
For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/315736/ )How to secure an ASP.NET application by using Windows Security
(http://support.microsoft.com/kb/315588/ )How to secure an ASP.NET application using client-side certificates
818014back to the top
(http://support.microsoft.com/kb/818014/ )How to secure applications that are built on the .NET Framework
Article ID: 815155 - Last Review: July 3, 2008 - Revision: 6.4