| Groups | Blog | Home |
asp.net security : Shared Hosting
I am discussing running a .net application with a hosting company and they are reluctant to allow the aspnet user account write access to a folder within my site. They are saying that this is insecure. I believe that they are wrong but would like a more informed opinion. Is it possible for one site to access files from another site using .net? Is there a better way of allowing an application to write to a folder than
Hello Mike,
if the account has the needed ACLs - yes of course - this is possible give that a try: can you programmatically read from: C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files this is where ASP.NET compiles the page assemblies to and copies all other needed assemblies if you can read from this directory you can compromise every ASP.NET app on the server The only effective way of isolation applications is to use partial trust. --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com [quoted text, click to view] > How secure is the .net framework in a shared hosting enviroment? > > I am discussing running a .net application with a hosting company and > they are reluctant to allow the aspnet user account write access to a > folder within my site. They are saying that this is insecure. I > believe that they are wrong but would like a more informed opinion. > > Is it possible for one site to access files from another site using > .net? > > Is there a better way of allowing an application to write to a folder > than giving the aspnet user write access? >
Hello Joe,
still you would have trouble isolating the temp asp.net folder... --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com [quoted text, click to view] > The other thing that is interesting is that the OP mentions the use of > the ASPNET account. That would seem to indicate that they are using > Windows 2000 instead of 2003. That seems like a questionable thing to > be doing for a professional hosting company. > > If they were using 2003, they could put the application in its own app > pool and set that up to run with a specific identity easily. The app > would be isolated from the other apps on the server at the process > level. > > That approach seems to make much more sense to me. > > Joe K. > > "Dominick Baier [DevelopMentor]" > <dbaier@pleasepleasenospamdevelop.com> wrote in message > news:4580be6316021c8c7c8a172ac3ef0@news.microsoft.com... > >> Hello Mike, >> >> if the account has the needed ACLs - yes of course - this is possible >> >> give that a try: >> >> can you programmatically read from: >> C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files >> this is where ASP.NET compiles the page assemblies to and copies all >> other needed assemblies >> >> if you can read from this directory you can compromise every ASP.NET >> app on the server >> >> The only effective way of isolation applications is to use partial >> trust. >> >> --------------------------------------- >> Dominick Baier - DevelopMentor >> http://www.leastprivilege.com >>> How secure is the .net framework in a shared hosting enviroment? >>> >>> I am discussing running a .net application with a hosting company >>> and they are reluctant to allow the aspnet user account write access >>> to a folder within my site. They are saying that this is insecure. I >>> believe that they are wrong but would like a more informed opinion. >>> >>> Is it possible for one site to access files from another site using >>> .net? >>> >>> Is there a better way of allowing an application to write to a >>> folder than giving the aspnet user write access? >>>
The other thing that is interesting is that the OP mentions the use of the
ASPNET account. That would seem to indicate that they are using Windows 2000 instead of 2003. That seems like a questionable thing to be doing for a professional hosting company. If they were using 2003, they could put the application in its own app pool and set that up to run with a specific identity easily. The app would be isolated from the other apps on the server at the process level. That approach seems to make much more sense to me. Joe K. "Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com> [quoted text, click to view] wrote in message news:4580be6316021c8c7c8a172ac3ef0@news.microsoft.com... > Hello Mike, > > if the account has the needed ACLs - yes of course - this is possible > > give that a try: > > can you programmatically read from: > C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files > > this is where ASP.NET compiles the page assemblies to and copies all other > needed assemblies > > if you can read from this directory you can compromise every ASP.NET app > on the server > > The only effective way of isolation applications is to use partial trust. > > --------------------------------------- > Dominick Baier - DevelopMentor > http://www.leastprivilege.com > >> How secure is the .net framework in a shared hosting enviroment? >> >> I am discussing running a .net application with a hosting company and >> they are reluctant to allow the aspnet user account write access to a >> folder within my site. They are saying that this is insecure. I >> believe that they are wrong but would like a more informed opinion. >> >> Is it possible for one site to access files from another site using >> .net? >> >> Is there a better way of allowing an application to write to a folder >> than giving the aspnet user write access? >> > >
Thanks Joe. This helps.
Just to clarify a point. The reference to the ASPNET user was from me. I develop on Win 2000 so I forgot to include the NETWORK SERVICE user in my description. In fact I believe they are using Win 2003. I think it fair to say that security would be better for a .net site than for their current other asp sites. Mike [quoted text, click to view] "Joe Kaplan (MVP - ADSI)" wrote:
> The other thing that is interesting is that the OP mentions the use of the > ASPNET account. That would seem to indicate that they are using Windows > 2000 instead of 2003. That seems like a questionable thing to be doing for > a professional hosting company. > > If they were using 2003, they could put the application in its own app pool > and set that up to run with a specific identity easily. The app would be > isolated from the other apps on the server at the process level. > > That approach seems to make much more sense to me. > > Joe K. > > "Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com> > wrote in message news:4580be6316021c8c7c8a172ac3ef0@news.microsoft.com... > > Hello Mike, > > > > if the account has the needed ACLs - yes of course - this is possible > > > > give that a try: > > > > can you programmatically read from: > > C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files > > > > this is where ASP.NET compiles the page assemblies to and copies all other > > needed assemblies > > > > if you can read from this directory you can compromise every ASP.NET app > > on the server > > > > The only effective way of isolation applications is to use partial trust. > > > > --------------------------------------- > > Dominick Baier - DevelopMentor > > http://www.leastprivilege.com > > > >> How secure is the .net framework in a shared hosting enviroment? > >> > >> I am discussing running a .net application with a hosting company and > >> they are reluctant to allow the aspnet user account write access to a > >> folder within my site. They are saying that this is insecure. I > >> believe that they are wrong but would like a more informed opinion. > >> > >> Is it possible for one site to access files from another site using > >> .net? > >> > >> Is there a better way of allowing an application to write to a folder > >> than giving the aspnet user write access? > >> > > > > > >
Can you explain how the temp asp.net folder here is a problem?
My understanding was that it is used for storage of compiled pages and such. If he just wants to have a specific folder within his own site set for read access to his app pool, would it not be possible to restrict that with an ACL that only allowed his particular app pool identity and disallowed the other IIS_WPG accounts? I don't have a great understanding of how the temp asp.net folder works though, so I'd like to understand that better. Thanks! Joe "Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com> [quoted text, click to view] wrote in message news:4580be631603328c7c8c90d98ff40@news.microsoft.com... > Hello Joe, > > still you would have trouble isolating the temp asp.net folder... > > --------------------------------------- > Dominick Baier - DevelopMentor > http://www.leastprivilege.com >
Security certainly can't be any worse with a .NET app than with an ASP app
that uses the same deployment model. .NET doesn't elevate privileges or anything like that. If they are using 2003, then they could potentially create a separate app pool for your app (which is a good idea in general from a hosting perspective). If they did that, they could run your app pool under its own identity in order to help keep the apps isolated. Based on what I think Dominick was getting at, I don't think this solves the problem of access to the temp asp.net files directory, but from what I understand, it should allow your scenario securely. I could definitely be wrong though, so we'll see what D. has to say when he gets up tomorrow. :) Joe K. [quoted text, click to view] "Mike Parris" <MikeParris@discussions.microsoft.com> wrote in message news:BCDA3FE5-42FB-4538-B134-E28A150E7BD6@microsoft.com... > Thanks Joe. This helps. > > Just to clarify a point. The reference to the ASPNET user was from me. I > develop on Win 2000 so I forgot to include the NETWORK SERVICE user in my > description. In fact I believe they are using Win 2003. > > I think it fair to say that security would be better for a .net site than > for their current other asp sites. > > Mike > > "Joe Kaplan (MVP - ADSI)" wrote: > >> The other thing that is interesting is that the OP mentions the use of >> the >> ASPNET account. That would seem to indicate that they are using Windows >> 2000 instead of 2003. That seems like a questionable thing to be doing >> for >> a professional hosting company. >> >> If they were using 2003, they could put the application in its own app >> pool >> and set that up to run with a specific identity easily. The app would be >> isolated from the other apps on the server at the process level. >> >> That approach seems to make much more sense to me. >> >> Joe K. >> >> "Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com> >> wrote in message news:4580be6316021c8c7c8a172ac3ef0@news.microsoft.com... >> > Hello Mike, >> > >> > if the account has the needed ACLs - yes of course - this is possible >> > >> > give that a try: >> > >> > can you programmatically read from: >> > C:\WINDOWS\Microsoft.NET\Framework\vXXX\Temporary ASP.NET Files >> > >> > this is where ASP.NET compiles the page assemblies to and copies all >> > other >> > needed assemblies >> > >> > if you can read from this directory you can compromise every ASP.NET >> > app >> > on the server >> > >> > The only effective way of isolation applications is to use partial >> > trust. >> > >> > --------------------------------------- >> > Dominick Baier - DevelopMentor >> > http://www.leastprivilege.com >> > >> >> How secure is the .net framework in a shared hosting enviroment? >> >> >> >> I am discussing running a .net application with a hosting company and >> >> they are reluctant to allow the aspnet user account write access to a >> >> folder within my site. They are saying that this is insecure. I >> >> believe that they are wrong but would like a more informed opinion. >> >> >> >> Is it possible for one site to access files from another site using >> >> .net? >> >> >> >> Is there a better way of allowing an application to write to a folder >> >> than giving the aspnet user write access? >> >> >> > >> > >> >> >>
Hello Joe,
ok :) in general it is dangerous to give the WP write access to the web directory. think of this scenario: you somehow manage to pipe data in that directory - e.g. text with an .aspx extension - afterwards one can execute the file over the browser.. so in a shared hosting environment i can understand that the ISP sees security implications - it would better to have a writable dir outside of the web root. this all is only possible if the ISP has separate appPools for the app - which they normally don't do - because a lot of WPs suck memory and cpu out of the web server.. but still then it is hard to really isolate apps on a web server - the temp directory is just an example that came to my mind which is often overlooked by ISPs - usually IIS_WPG has modify on the whole directory tree...this was not really related to the question but i thought i throw it in :) but this allows to download the compiled assemblies of other apps on the server - so much for isolation... in general the only way to effectively isolate apps in a shared environmen in partial trust - if PT is in place i would have no problems opening up directories for a customer - assuming the ISP understands policy.... hope that clarifies it a bit... a POC for the temp dir problem: <%@ Page Language="C#" %> <%@ Import Namespace="System.Web.Configuration" %> <%@ Import Namespace="System.IO" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <script runat="server"> protected string tempDirectory { // get the location of the temp directories, if not specifically // configured, take the default location get { CompilationSection comp = (CompilationSection) WebConfigurationManager.GetWebApplicationSection ("system.web/compilation"); if (!string.IsNullOrEmpty(comp.TempDirectory)) return comp.TempDirectory; else return Path.Combine (HttpRuntime.AspInstallDirectory, "Temporary ASP.NET Files"); } } // traverse sub-folders protected void _treeView_OnPopulate(object sender, TreeNodeEventArgs e) { string path = e.Node.Value; foreach (string directory in Directory.GetDirectories(path)) { string name = Path.GetFileName(directory); TreeNode n = new TreeNode(name, e.Node.Value + "\\" + name); n.PopulateOnDemand = true; e.Node.ChildNodes.Add(n); } } protected void Page_Load(object sender, EventArgs e) { if (!IsPostBack) { TreeNode node = new TreeNode("temp dir", tempDirectory); node.PopulateOnDemand = true; _treeView.Nodes.Add(node); } } protected void _treeView_SelectedNodeChanged(object sender, EventArgs e) { _lstFiles.Items.Clear(); foreach (string f in Directory.GetFiles(_treeView.SelectedNode.Value)) { _lstFiles.Items.Add(f); } } // download the selected file protected void _btnDownload_Click(object sender, EventArgs e) { Response.AddHeader("Content-Type", "binary/octet-stream"); Response.AddHeader( "Content-Disposition", string.Format("attachment; filename={0}", Path.GetFileName(_lstFiles.SelectedValue))); Response.WriteFile(_lstFiles.SelectedValue); Response.End(); } </script> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title>Download Assemblies of other Applications</title> </head> <body> <form id="form1" runat="server"> <div> ASP.NET Temp Directory; <asp:TreeView ExpandDepth="0" runat="server" ID="_treeView" OnTreeNodePopulate="_treeView_OnPopulate" OnSelectedNodeChanged="_treeView_SelectedNodeChanged" /> <br /> Files: <br /> <asp:ListBox runat="server" ID="_lstFiles" Height="150px" /> <br /> <asp:Button runat="server" ID="_btnDownload" Text="Download" OnClick="_btnDownload_Click" /> </div> </form> </body> </html> --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com [quoted text, click to view] > Security certainly can't be any worse with a .NET app than with an ASP
> app that uses the same deployment model. .NET doesn't elevate > privileges or anything like that. > > If they are using 2003, then they could potentially create a separate > app pool for your app (which is a good idea in general from a hosting > perspective). If they did that, they could run your app pool under > its own identity in order to help keep the apps isolated. > > Based on what I think Dominick was getting at, I don't think this > solves the problem of access to the temp asp.net files directory, but > from what I understand, it should allow your scenario securely. > > I could definitely be wrong though, so we'll see what D. has to say > when he gets up tomorrow. :) > > Joe K. > > "Mike Parris" <MikeParris@discussions.microsoft.com> wrote in message > news:BCDA3FE5-42FB-4538-B134-E28A150E7BD6@microsoft.com... > >> Thanks Joe. This helps. >> >> Just to clarify a point. The reference to the ASPNET user was from >> me. I develop on Win 2000 so I forgot to include the NETWORK SERVICE >> user in my description. In fact I believe they are using Win 2003. >> >> I think it fair to say that security would be better for a .net site >> than for their current other asp sites. >> >> Mike >> >> "Joe Kaplan (MVP - ADSI)" wrote: >> >>> The other thing that is interesting is that the OP mentions the use >>> of >>> the >>> ASPNET account. That would seem to indicate that they are using >>> Windows >>> 2000 instead of 2003. That seems like a questionable thing to be >>> doing >>> for >>> a professional hosting company. >>> If they were using 2003, they could put the application in its own >>> app >>> pool >>> and set that up to run with a specific identity easily. The app >>> would be >>> isolated from the other apps on the server at the process level. >>> That approach seems to make much more sense to me. >>> >>> Joe K. >>> >>> "Dominick Baier [DevelopMentor]" >>> <dbaier@pleasepleasenospamdevelop.com> wrote in message >>> news:4580be6316021c8c7c8a172ac3ef0@news.microsoft.com... >>> >>>> Hello Mike, >>>> >>>> if the account has the needed ACLs - yes of course - this is >>>> possible >>>> >>>> give that a try: >>>> >>>> can you programmatically read from:
Thanks Dominick and Joe
Your replies have cetainly improved my understanding of the subject and I am sure will be useful in the future. My client's Hosting company have however told me to go away, or words to that effect, but not so nicely put. So I will have to create a solution for my client that does not require .net at the server end. [quoted text, click to view] "Dominick Baier [DevelopMentor]" wrote:
> Hello Joe, > > ok :) > > in general it is dangerous to give the WP write access to the web directory. > > think of this scenario: you somehow manage to pipe data in that directory > - e.g. text with an .aspx extension - afterwards one can execute the file > over the browser.. > > so in a shared hosting environment i can understand that the ISP sees security > implications - it would better to have a writable dir outside of the web > root. > > this all is only possible if the ISP has separate appPools for the app - > which they normally don't do - because a lot of WPs suck memory and cpu out > of the web server.. > > but still then it is hard to really isolate apps on a web server - the temp > directory is just an example that came to my mind which is often overlooked > by ISPs - > > usually IIS_WPG has modify on the whole directory tree...this was not really > related to the question but i thought i throw it in :) but this allows to > download the compiled assemblies of other apps on the server - so much for > isolation... > > in general the only way to effectively isolate apps in a shared environmen > in partial trust - if PT is in place i would have no problems opening up > directories for a customer - assuming the ISP understands policy.... > > hope that clarifies it a bit... > > a POC for the temp dir problem: > > <%@ Page Language="C#" %> > <%@ Import Namespace="System.Web.Configuration" %> > <%@ Import Namespace="System.IO" %> > > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> > > <script runat="server"> > protected string tempDirectory > { > // get the location of the temp directories, if not specifically > > // configured, take the default location > get > { > CompilationSection comp = (CompilationSection) > WebConfigurationManager.GetWebApplicationSection > ("system.web/compilation"); > > if (!string.IsNullOrEmpty(comp.TempDirectory)) > return comp.TempDirectory; > else > return Path.Combine > (HttpRuntime.AspInstallDirectory, "Temporary ASP.NET > Files"); > } > } > > // traverse sub-folders > protected void _treeView_OnPopulate(object sender, TreeNodeEventArgs e) > { > string path = e.Node.Value; > foreach (string directory in Directory.GetDirectories(path)) > { > string name = Path.GetFileName(directory); > TreeNode n = new TreeNode(name, e.Node.Value + "\\" + name); > n.PopulateOnDemand = true; > e.Node.ChildNodes.Add(n); > } > } > > protected void Page_Load(object sender, EventArgs e) > { > if (!IsPostBack) > { > TreeNode node = new TreeNode("temp dir", tempDirectory); > node.PopulateOnDemand = true; > _treeView.Nodes.Add(node); > } > } > > protected void _treeView_SelectedNodeChanged(object sender, EventArgs e) > { > _lstFiles.Items.Clear(); > foreach (string f in Directory.GetFiles(_treeView.SelectedNode.Value)) > { > _lstFiles.Items.Add(f); > } > } > > // download the selected file > protected void _btnDownload_Click(object sender, EventArgs e) > { > Response.AddHeader("Content-Type", "binary/octet-stream"); > Response.AddHeader( > "Content-Disposition", string.Format("attachment; filename={0}", > Path.GetFileName(_lstFiles.SelectedValue))); > > Response.WriteFile(_lstFiles.SelectedValue); > Response.End(); > } > </script> > > <html xmlns="http://www.w3.org/1999/xhtml"> > <head runat="server"> > <title>Download Assemblies of other Applications</title> > </head> > <body> > <form id="form1" runat="server"> > <div> > ASP.NET Temp Directory; > <asp:TreeView ExpandDepth="0" runat="server" ID="_treeView" > OnTreeNodePopulate="_treeView_OnPopulate" > OnSelectedNodeChanged="_treeView_SelectedNodeChanged" /> > <br /> > Files: > <br /> > <asp:ListBox runat="server" ID="_lstFiles" Height="150px" /> > <br /> > <asp:Button runat="server" ID="_btnDownload" Text="Download" > OnClick="_btnDownload_Click" /> > </div> > </form> > </body> > </html> > > > --------------------------------------- > Dominick Baier - DevelopMentor > http://www.leastprivilege.com > > > Security certainly can't be any worse with a .NET app than with an ASP > > app that uses the same deployment model. .NET doesn't elevate > > privileges or anything like that. > > > > If they are using 2003, then they could potentially create a separate > > app pool for your app (which is a good idea in general from a hosting > > perspective). If they did that, they could run your app pool under > > its own identity in order to help keep the apps isolated. > > > > Based on what I think Dominick was getting at, I don't think this > > solves the problem of access to the temp asp.net files directory, but > > from what I understand, it should allow your scenario securely. > > > > I could definitely be wrong though, so we'll see what D. has to say > > when he gets up tomorrow. :) > > > > Joe K. > > > > "Mike Parris" <MikeParris@discussions.microsoft.com> wrote in message > > news:BCDA3FE5-42FB-4538-B134-E28A150E7BD6@microsoft.com... > > > >> Thanks Joe. This helps. > >> > >> Just to clarify a point. The reference to the ASPNET user was from > >> me. I develop on Win 2000 so I forgot to include the NETWORK SERVICE > >> user in my description. In fact I believe they are using Win 2003. > >> > >> I think it fair to say that security would be better for a .net site > >> than for their current other asp sites. > >> > >> Mike > >> > >> "Joe Kaplan (MVP - ADSI)" wrote: > >> > >>> The other thing that is interesting is that the OP mentions the use > >>> of > >>> the > >>> ASPNET account. That would seem to indicate that they are using > >>> Windows > >>> 2000 instead of 2003. That seems like a questionable thing to be > >>> doing > >>> for
Hello Mike,
how about using a dedicated server - they are not that much expensive and you are your own admin?? --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com [quoted text, click to view] > Thanks Dominick and Joe
> > Your replies have cetainly improved my understanding of the subject > and I am sure will be useful in the future. > > My client's Hosting company have however told me to go away, or words > to that effect, but not so nicely put. So I will have to create a > solution for my client that does not require .net at the server end. > > "Dominick Baier [DevelopMentor]" wrote: > >> Hello Joe, >> >> ok :) >> >> in general it is dangerous to give the WP write access to the web >> directory. >> >> think of this scenario: you somehow manage to pipe data in that >> directory - e.g. text with an .aspx extension - afterwards one can >> execute the file over the browser.. >> >> so in a shared hosting environment i can understand that the ISP sees >> security implications - it would better to have a writable dir >> outside of the web root. >> >> this all is only possible if the ISP has separate appPools for the >> app - which they normally don't do - because a lot of WPs suck memory >> and cpu out of the web server.. >> >> but still then it is hard to really isolate apps on a web server - >> the temp directory is just an example that came to my mind which is >> often overlooked by ISPs - >> >> usually IIS_WPG has modify on the whole directory tree...this was not >> really related to the question but i thought i throw it in :) but >> this allows to download the compiled assemblies of other apps on the >> server - so much for isolation... >> >> in general the only way to effectively isolate apps in a shared >> environmen in partial trust - if PT is in place i would have no >> problems opening up directories for a customer - assuming the ISP >> understands policy.... >> >> hope that clarifies it a bit... >> >> a POC for the temp dir problem: >> >> <%@ Page Language="C#" %> >> <%@ Import Namespace="System.Web.Configuration" %> >> <%@ Import Namespace="System.IO" %> >> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" >> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> >> >> <script runat="server"> >> protected string tempDirectory >> { >> // get the location of the temp directories, if not specifically >> // configured, take the default location >> get >> { >> CompilationSection comp = (CompilationSection) >> WebConfigurationManager.GetWebApplicationSection >> ("system.web/compilation"); >> if (!string.IsNullOrEmpty(comp.TempDirectory)) >> return comp.TempDirectory; >> else >> return Path.Combine >> (HttpRuntime.AspInstallDirectory, "Temporary ASP.NET >> Files"); >> } >> } >> // traverse sub-folders >> protected void _treeView_OnPopulate(object sender, TreeNodeEventArgs >> e) >> { >> string path = e.Node.Value; >> foreach (string directory in Directory.GetDirectories(path)) >> { >> string name = Path.GetFileName(directory); >> TreeNode n = new TreeNode(name, e.Node.Value + "\\" + name); >> n.PopulateOnDemand = true; >> e.Node.ChildNodes.Add(n); >> } >> } >> protected void Page_Load(object sender, EventArgs e) >> { >> if (!IsPostBack) >> { >> TreeNode node = new TreeNode("temp dir", tempDirectory); >> node.PopulateOnDemand = true; >> _treeView.Nodes.Add(node); >> } >> } >> protected void _treeView_SelectedNodeChanged(object sender, EventArgs >> e) >> { >> _lstFiles.Items.Clear(); >> foreach (string f in >> Directory.GetFiles(_treeView.SelectedNode.Value)) >> { >> _lstFiles.Items.Add(f); >> } >> } >> // download the selected file >> protected void _btnDownload_Click(object sender, EventArgs e) >> { >> Response.AddHeader("Content-Type", "binary/octet-stream"); >> Response.AddHeader( >> "Content-Disposition", string.Format("attachment; filename={0}", >> Path.GetFileName(_lstFiles.SelectedValue))); >> Response.WriteFile(_lstFiles.SelectedValue); >> Response.End(); >> } >> </script> >> <html xmlns="http://www.w3.org/1999/xhtml"> >> <head runat="server"> >> <title>Download Assemblies of other Applications</title> >> </head> >> <body> >> <form id="form1" runat="server"> >> <div> >> ASP.NET Temp Directory; >> <asp:TreeView ExpandDepth="0" runat="server" ID="_treeView" >> OnTreeNodePopulate="_treeView_OnPopulate" >> OnSelectedNodeChanged="_treeView_SelectedNodeChanged" /> >> <br /> >> Files: >> <br /> >> <asp:ListBox runat="server" ID="_lstFiles" Height="150px" /> >> <br /> >> <asp:Button runat="server" ID="_btnDownload" Text="Download" >> OnClick="_btnDownload_Click" /> >> </div> >> </form> >> </body> >> </html> >> --------------------------------------- >> Dominick Baier - DevelopMentor >> http://www.leastprivilege.com >>> Security certainly can't be any worse with a .NET app than with an >>> ASP app that uses the same deployment model. .NET doesn't elevate >>> privileges or anything like that. >>> >>> If they are using 2003, then they could potentially create a >>> separate app pool for your app (which is a good idea in general from >>> a hosting perspective). If they did that, they could run your app >>> pool under its own identity in order to help keep the apps isolated. >>> >>> Based on what I think Dominick was getting at, I don't think this >>> solves the problem of access to the temp asp.net files directory, >>> but from what I understand, it should allow your scenario securely. >>> >>> I could definitely be wrong though, so we'll see what D. has to say >>> when he gets up tomorrow. :) >>> >>> Joe K. >>> >>> "Mike Parris" <MikeParris@discussions.microsoft.com> wrote in >>> message news:BCDA3FE5-42FB-4538-B134-E28A150E7BD6@microsoft.com... >>> >>>> Thanks Joe. This helps. >>>> >>>> Just to clarify a point. The reference to the ASPNET user was from >>>> me. I develop on Win 2000 so I forgot to include the NETWORK >>>> SERVICE user in my description. In fact I believe they are using >>>> Win 2003. >>>> >>>> I think it fair to say that security would be better for a .net >>>> site than for their current other asp sites. >>>> >>>> Mike >>>> >>>> "Joe Kaplan (MVP - ADSI)" wrote: >>>> >>>>> The other thing that is interesting is that the OP mentions the >>>>> use >>>>> of >>>>> the >>>>> ASPNET account. That would seem to indicate that they are using >>>>> Windows >>>>> 2000 instead of 2003. That seems like a questionable thing to be >>>>> doing >>>>> for >>>>> a professional hosting company. >>>>> If they were using 2003, they could put the application in its own >>>>> app >>>>> pool >>>>> and set that up to run with a specific identity easily. The app >>>>> would be >>>>> isolated from the other apps on the server at the process level. >>>>> That approach seems to make much more sense to me.
Don't see what you're looking for? Try a search.
|
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |