在IIS 7中托管ASP.NET项目时应设置什么文件权限?
[英]What File permissions should I set when hosting an ASP.NET project in IIS 7?
问题描述
I'm looking for a guide on how to set file permissions for hosting an ASP.NET project in IIS 7. 
我正在寻找有关如何设置文件权限以在IIS 7中托管ASP.NET项目的指南。
Full access rights for all files in the project directory to everyone works, but I guess this is not a good idea? 每个人都可以使用项目目录中所有文件的完全访问权限,但是我想这不是一个好主意吗?
Thanks for your help in advance! 谢谢您的帮助!
2 个解决方案
解决方案1
0 2011-04-21 21:52:47
IIS 7 has some pretty good security around the \\inetpub directory already. IIS 7在\\ inetpub目录周围已经具有相当不错的安全性。 When adding a site the default id that the worker processes execute under already have all of the permissions necessary. 添加站点时,工作进程执行的默认ID已经具有所有必需的权限。
The only real reason to change these is if you are allowing file uploads to be saved to disk. 更改这些内容的唯一真正原因是,如果您允许将文件上载保存到磁盘。 At which point you are better off creating a directory outside of your site structure and using a virtual directory to point to it. 最好在站点结构之外创建目录,并使用虚拟目录指向该目录。
However, some applications like DotNetNuke, require the worker process to have read/write permissions on the site files themselves, including the web.config. 但是,某些应用程序(例如DotNetNuke)要求工作进程对站点文件本身(包括web.config)具有读/写权限。 This is generally a very bad idea. 通常这是一个非常糟糕的主意。
解决方案2
0 已采纳 2011-04-21 21:56:08
Take a look at the "In Practice" part of my answer to this question: 看一下我对这个问题的回答的“实践中”部分:
What are all the user accounts for IIS/ASP.NET and how do they differ?
You should prefer to use "Application Pool Identity" on with IIS7: 您应该更喜欢在IIS7上使用“应用程序池标识”:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.