D
Dominick Baier
in short : don't do it
or..
it is not a good choice to modify web.config because
- your opening up to all kind of other security issues if your worker process has write access to web.config (thats a defense in depth measure) - then you have to be VERY shure that the rest of your app is based on rock-solid code
- your asp.net app will restart everytime you modify web.config
if you really want to modify web.config - refactor out that code - package it in a serviced component (com+) and give this component a seperate identity which is allowed to modify web.config -
but my suggestion would be :
there is an event in the http pipeline of asp.net that's specifically made for this purpose - AuthorizeRequest - there you can plug in your code to programmatically decide who is authorized or not (from an alternate data store like an xml file or db)
don't mess with web.config (and its dacls) !
---
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<[email protected]>
What are the security risks to grant ASP.NET user write access to web.config?
I am working on a project in which I am required to update web.config at the
runtime, basically modifying access to different directories.
Any suggestion will be greatly appreciated.
Thanks
[microsoft.public.dotnet.framework.aspnet.security]
or..
it is not a good choice to modify web.config because
- your opening up to all kind of other security issues if your worker process has write access to web.config (thats a defense in depth measure) - then you have to be VERY shure that the rest of your app is based on rock-solid code
- your asp.net app will restart everytime you modify web.config
if you really want to modify web.config - refactor out that code - package it in a serviced component (com+) and give this component a seperate identity which is allowed to modify web.config -
but my suggestion would be :
there is an event in the http pipeline of asp.net that's specifically made for this purpose - AuthorizeRequest - there you can plug in your code to programmatically decide who is authorized or not (from an alternate data store like an xml file or db)
don't mess with web.config (and its dacls) !
---
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<[email protected]>
What are the security risks to grant ASP.NET user write access to web.config?
I am working on a project in which I am required to update web.config at the
runtime, basically modifying access to different directories.
Any suggestion will be greatly appreciated.
Thanks
[microsoft.public.dotnet.framework.aspnet.security]