
How to: Secure an ASP.NET Application on a Shared Server

A shared Web server that hosts multiple applications for different customers has the added responsibility of ensuring that each application, along with its data, is secured so that it is kept private from other application users on the server. The following procedure details the steps to take to secure an ASP.NET application on a shared server.

To Secure an ASP.NET Application on a Shared Server

  1. Host the Web application on Windows Server 2003. Make sure that the files for your application are stored on a drive that has been formatted using the NTFS file system.

    Because all ASP.NET applications run with a single process identity (the local ASPNET account) on Windows 2000 and Windows XP Professional, you cannot truly isolate an application unless you are running on Windows Server 2003.

  2. In the Computer Management snap-in on your Web server (located in the Administrative Tools folder), select Local Users and Groups under System Tools. Add a new user. This user will be the identity of your application pool, also known as the process identity for your ASP.NET application.

    In the Groups folder under Local Users and Groups, add the identity that you just created for your application to the IIS_WPG group. This will ensure that the new identity has the necessary permissions to run as an identity for an application pool.

  3. Using the Internet Information Services (IIS) Manager on your Web server, create an application pool for the application.

    Open the properties page for your new application pool and select the Identity tab. Set the identity as Configurable and supply the User name and Password of your application pool identity created previously.

  4. In the Web Sites folder of the Internet Information Services (IIS) Manager, open the properties page for your application. Set the Application Pool of your Web application to the application pool that you just created. You may need to click the Create button to create your Web application as an application, if you have not already done so.

    You can place multiple applications in an application pool. Be sure to restrict the applications in an application pool to only those applications that can share data, such as multiple applications for a single customer.

  5. Create a directory for your application pool that will contain the temporary files for the applications in the pool. In the Web.config files for all of the applications in the application pool, specify this new directory as the temporary directory for the application using the tempDirectory attribute of the compilation configuration section. For example:

    <configuration>
      <system.web>
        <compilation tempDirectory="C:\WebApps\AppPool1_Temp" />
      </system.web>
    </configuration>
    
  6. In the Windows file system, set the Access Control Lists (ACLs) so that the application pool identity and any impersonated identities (see ASP.NET Impersonation) for your application have the appropriate access to the files and subdirectories that make up your application, as well as full access to the temporary directory created previously. Remove the IIS_WPG group from these ACLs. Ensure that other users on the server do not have access to these files and folders unless required. This includes removing general groups such as the Everyone or Users groups. Ensure that any impersonated identities are included in the ACLs listed in ASP.NET Required Access Control Lists (ACLs).
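
One way to check the outcome of steps 5 and 6, as an added example that is not part of the original article: it reads the tempDirectory value from a Web.config string and audits the text printed by `icacls <directory>` for the application and temporary directories. The use of `icacls`, the names WEB01 and AppPool1User, and keeping BUILTIN\Administrators on the ACLs are assumptions, and all sample data is constructed.

```python
import re
import xml.etree.ElementTree as ET

BROAD_GROUPS = {"everyone", "users", "iis_wpg"}  # groups step 6 removes
ACE_RE = re.compile(r"^([^:]+):((?:\([^)]+\))+)$")

def parse_icacls(path, output):
    """Parse `icacls <path>` text into [(principal, [flags])]."""
    aces = []
    for line in output.splitlines():
        text = line.strip()
        if text.lower().startswith(path.lower()):
            text = text[len(path):].strip()  # first line is prefixed by the path
        if m := ACE_RE.match(text):
            aces.append((m.group(1), re.findall(r"\(([^)]+)\)", m.group(2))))
    return aces

def audit_acl(path, output, pool_identity, allowed=(), need_full=False):
    """Return findings for one directory; an empty list means it passes."""
    ok = {p.lower() for p in (pool_identity, *allowed)}
    findings, pool_full = [], False
    for who, flags in parse_icacls(path, output):
        if who.split("\\")[-1].lower() in BROAD_GROUPS:
            findings.append(f"{path}: remove broad group {who}")
        elif who.lower() not in ok:
            findings.append(f"{path}: unexpected principal {who}")
        elif who.lower() == pool_identity.lower() and "F" in flags:
            pool_full = True  # (F) is icacls notation for full access
    if need_full and not pool_full:
        findings.append(f"{path}: {pool_identity} lacks full access")
    return findings

def temp_directory(web_config_xml):
    """Return compilation/@tempDirectory from Web.config text, or None."""
    node = ET.fromstring(web_config_xml).find("system.web/compilation")
    return None if node is None else node.get("tempDirectory")

# Constructed sample data: WEB01 and AppPool1User are hypothetical names.
POOL, ADMINS = r"WEB01\AppPool1User", (r"BUILTIN\Administrators",)
WEB_CONFIG = r'<configuration><system.web><compilation tempDirectory="C:\WebApps\AppPool1_Temp"/></system.web></configuration>'
APP_ACL = r"""C:\WebApps\App1 BUILTIN\Administrators:(OI)(CI)(F)
                WEB01\AppPool1User:(OI)(CI)(RX)
                WEB01\IIS_WPG:(OI)(CI)(RX)
                BUILTIN\Users:(OI)(CI)(RX)"""
TEMP_ACL = r"C:\WebApps\AppPool1_Temp WEB01\AppPool1User:(OI)(CI)(M)"

if __name__ == "__main__":
    print(audit_acl(r"C:\WebApps\App1", APP_ACL, POOL, ADMINS))
    print(audit_acl(temp_directory(WEB_CONFIG), TEMP_ACL, POOL, ADMINS, need_full=True))
```

Any impersonated identities the application uses would be passed in `allowed` alongside the administrative principals.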

You can also improve the security of your application by encrypting any sensitive information in your Web.config files using protected configuration. For more information, see Encrypting Configuration Information Using Protected Configuration.

© 2014 Microsoft