|
|
|
start date: Mon, 23 Jul 2007 11:11:09 +0200,
posted on: microsoft.public.dotnet.framework.aspnet.security
back
| Thread Index |
|
1
Paolo Liverani am
|
|
2
Dominick Baier
|
|
3
Paolo Liverani am
|
best practice for accessing a network share from IIS
Hello, I have a web application (ASP.NET 2.0) which should allow
authenticated users (via forms authentication) to download files that are
stored in a network share in the same domain (windows 2000). I am byte
streaming the content of the files so that clients do not connect directly
to the file server but only to the web server (Windows 2003).
The "network service" user (the default one for IIS 6) does not have right
to access network shares so I need to know which is the best way (the one
with the least privilege) to configure the security settings for the
application to work correctly.
Thank you, Paolo
Date:Mon, 23 Jul 2007 11:11:09 +0200
Author:
|
Re: best practice for accessing a network share from IIS
You should use UNC paths from ASP.NET (\\server\share)
Network Service appears remotely as MACHINE$ - give this account read ACLs
for the share.
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
> Hello, I have a web application (ASP.NET 2.0) which should allow
> authenticated users (via forms authentication) to download files that
> are
> stored in a network share in the same domain (windows 2000). I am byte
> streaming the content of the files so that clients do not connect
> directly
> to the file server but only to the web server (Windows 2003).
> The "network service" user (the default one for IIS 6) does not have
> right
> to access network shares so I need to know which is the best way (the
> one
> with the least privilege) to configure the security settings for the
> application to work correctly.
> Thank you, Paolo
Date:Mon, 23 Jul 2007 09:55:26 +0000 (UTC)
Author:
|
Re: best practice for accessing a network share from IIS
Hello Dominick,
perfect: your suggestion works like a charm.
Thank you very much, Paolo
"Dominick Baier" wrote in
message news:8e6a913a1433f8c99b377e3d9982@news.microsoft.com...
> You should use UNC paths from ASP.NET (\\server\share)
>
> Network Service appears remotely as MACHINE$ - give this account read ACLs
> for the share.
>
>
> -----
> Dominick Baier (http://www.leastprivilege.com)
>
> Developing More Secure Microsoft ASP.NET 2.0 Applications
> (http://www.microsoft.com/mspress/books/9989.asp)
>
>> Hello, I have a web application (ASP.NET 2.0) which should allow
>> authenticated users (via forms authentication) to download files that
>> are
>> stored in a network share in the same domain (windows 2000). I am byte
>> streaming the content of the files so that clients do not connect
>> directly
>> to the file server but only to the web server (Windows 2003).
>> The "network service" user (the default one for IIS 6) does not have
>> right
>> to access network shares so I need to know which is the best way (the
>> one
>> with the least privilege) to configure the security settings for the
>> application to work correctly.
>> Thank you, Paolo
>
>
Date:Mon, 23 Jul 2007 17:11:08 +0200
Author:
|
|
|
