Is it possible to sandbox an ASP.Net site on IIS7.5 without using Medium Trust?
Question
Setting the .Net trust level to Medium on a site will ensure that no code can access files outside the application directory.
I have an ASP.Net site that must run in Full Trust. I have configured my website in IIS to use its own Application Pool Identity (IIS Apppool\\www.site-name.com).
Currently it is possible for scripts/code in this app to read files outside of the application directory. This occurs because by default, accounts that are a member of the BUILTIN\\users group are able to read most files on the system, including c:\\ and c:\\windows. It appears that Applicaion Pool Identity accounts are also members of BUILTIN\\users.
Is it possible to prevent file access outside the website folder while keeping Full Trust?
1 answers
solution1
0 2011-01-04 04:21:53
如何使用文件/目录ACL拒绝您的AppPoolIdentity对所需文件夹的访问?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.