Hi all

I hope somebody can help me

In a shared environment, I need to use 2 different application pools
with different security levels, here the example:

Application pool 1: Environment for customers has to be rescricted in
some rights (I have altready a trust level just configured)
Application pool 2: Environment for a private WebService used to
administer the server, this has to be "full trust"

My Global web.config is like this:


<location path="Utilities" allowOverride="true">
<system.web>
<identity impersonate="true" />
<trust level="Full" originUrl="" />
</system.web>
</location>

<location allowOverride="false">
<system.web>
<identity impersonate="true"/>
<securityPolicy>
<trustLevel name="Full" policyFile="internal" />
<trustLevel name="High"
policyFile="web_hightrust.config" />
<trustLevel name="Medium"
policyFile="web_mediumtrust.config" />
<trustLevel name="MediumEx"
policyFile="web_extra_mediumtrust.config" />
<trustLevel name="Low"
policyFile="web_lowtrust.config" />
<trustLevel name="Minimal"
policyFile="web_minimaltrust.config" />
<trustLevel name="MySpecialConfig"
policyFile="MySpecialConfig.config" />
</securityPolicy>
<trust level="MySpecialConfig" originUrl="" />
</system.web>
</location>

but it doesn't do what I want... Or every sites goes to "full trust"
or in "MySpecialConfig" trust config

Can somebody tell me where I make mistakes?

Thanks and sorry for terrible english

specify the full path to the site/app

e.g.

<location path="Default WebSite">

or

<location path="Default WebSite/App1">



-----

Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

[quoted text, click to view]

On 30 Ago, 19:44, Dominick Baier
[quoted text, click to view]

let me try to be more accurate

I don't want to give a different trustlevel to an WEB APPLICATION but
to an APPLICATION POOL

Something like:

<location path="DefaultAppPool">
.....
</location>

and

<location path="Utilities">
.....
</location>

I hope it's possible... I cant' create so many configurations (allways
the same config) for each website in my shared webserver

Thanks for reply

you cannot do that for an app pool. Only for sites and apps.


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

[quoted text, click to view]