Article ID: 815145 - View products that this article applies to.
This step-by-step article describes how to lock down an ASP.NET Web Application or Web Service. Web applications are frequently the target for malicious attacks.
There are many steps that you can take to reduce the risk that is associated with hosting a Web application. At a high level, ASP.NET applications benefit from the same security measures as conventional Web applications. However, the ASP.NET file name extensions and the use of security require special consideration. This article describes several key mechanisms for securing ASP.NET Web applications.
For more information about security, visit the following Microsoft Web site:
For additional information about configuring NTFS file permissions, click the following article number to view the article in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/815153/ )HOW TO: Configure NTFS file permissions for security of ASP.NET applications
http://technet.microsoft.com/en-us/security/cc242650.aspxFor additional information about URLScan, click the following article number to view the article in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/815155/ )HOW TO: Configure URLScan to protect ASP.NET Web applications
For example, limit ASP.NET to Read permissions for only those views, tables, rows, and columns that the application must have access to. Where the application does not directly update a table, do not grant to ASP.NET the permission to submit updates. For more security, configure appropriate permissions for the ASPNET user account.
For additional information about configuring SQL Server, click the following article number to view the article in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/815154/ )HOW TO: Configure SQL Server security for .NET applications
For more information, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/dd450372.aspxFor additional information, click the following article number to view the article in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/818014/ )HOW TO: Secure applications that are built on the .NET Framework
Article ID: 815145 - Last Review: January 11, 2007 - Revision: 4.5