|
Home > Archive > IIS Server Security > November 2004 > run as
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| Mészáros Tamás 2004-11-09, 7:48 am |
| Hello!
I have the following problem:
I would like to create several Virtual Directories in IIS, and give them
to different users. But all their sessions will run as Network Service
user, and so the users will be able to read the entire content of other
users virtual directory with a simple aspx script, because Network
Service must have read right to everything. How could I prevent this?
Should I put these virtual directories to different Application pools?
Isn't there any other solution?
Thanks in advance
Tamas Meszaros
| |
| Bernard 2004-11-10, 2:49 am |
| Network services is the process identity, you should look at request
identity, by default anonymous access is iusr account. Hence, one way is to
do this is to remove anonymous access to the file and grant related NTFS
permission to the file, users will get prompt when accessing those resource,
IIS will serves the file if upon proper authentication and authorization.
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Mészáros Tamás" <mesztam@sch.bme.hu> wrote in message
news:ua8aW4kxEHA.3212@TK2MSFTNGP09.phx.gbl...
> Hello!
>
> I have the following problem:
>
> I would like to create several Virtual Directories in IIS, and give them
> to different users. But all their sessions will run as Network Service
> user, and so the users will be able to read the entire content of other
> users virtual directory with a simple aspx script, because Network
> Service must have read right to everything. How could I prevent this?
> Should I put these virtual directories to different Application pools?
> Isn't there any other solution?
>
> Thanks in advance
>
> Tamas Meszaros
|
|
|
|
|