11-08-2006 12:00 PM - edited 03-09-2019 04:49 PM
I am a software developer and I have an ASP.NET application running on a server that has CSA running. The CSA is preventing access to a folder that ASP.NET needs. I am working with our Network Security Team to try and get CSA modified to allow the necessary access. I know very, very little about CSA or how it works. But I was wondering if maybe there was a default CSA configuration or profile for a server that was running ASP.NET and hosting ASP.NET applications? If so, then I could just tell the security team to set up the CSA in that configuration. They currently have the server locked down super tight and I am hoping that I won't have to tell them every single folder and file that I need access to. Does anyone know if there is a standard configuration for CSA on a web server running IIS 6 and ASP.NET v1.1?
03-13-2007 02:39 PM
Hi Corey,
As far as I can tell, there aren't any default ASP.NET rules available. But I came across the same issue, so here is my solution:
- Create these 4 File Sets
"ASP.NET Framework Config Files"
Directories matching: @windows\Microsoft.NET\Framework\*\config\*
Files matching:
"ASP.NET Framework Temp DLL Files"
Directories matching: @windows\Microsoft.NET\Framework\*\Temporary ASP.NET\**
Files matching: *.DLL
"ASP.NET Framework Executables"
Directories matching: @windows\Microsoft.NET\Framework\**
Files matching: *.exe
"Windows Temp Files"
Directories matching: @windows\Temp\**
Files matching:
- Create this Application Class
"ASP.NET Framework"
$ASP.NET Framework Executables
only this process
- Create this User State Set
"ASP.NET Accounts"
NT AUTHORITY\NETWORK SERVICE
*\ASPNET
*\IUSR_*
*\IWAM_*
- Create this Windows Rule Module
"ASP.NET Framework"
Apply this rule module only if the following state conditions are met:
User State Conditions: ASP.NET Accounts
- Create these File Access Control Rules
"ASP.NET access to .NET config files"
Allow
IIS Web Server application
Read File, Write File
on $ASP.NET Framework Config Files
"ASP.NET access to temp DLL files"
Allow
IIS Web Server application
Read File, Write File, Write Directory
on $ASP.NET Framework Temp DLL Files
"ASP.NET Framework access to temp files"
Allow
ASP.NET Framework
Read File, Write File, Write Directory
on $Windows Temp Files
- Create this System API Control Rule
"ASP.NET IIS API Call"
Allow (I have logging turned on for this one)
IIS Web Server application
check Access system functions from code executing in data or stack space,
There you go, one ASP.NET module. I really don't like that last rule, but I haven't yet identified all of the patterns to restrict it (hence why I have logging turned on).
05-25-2007 07:16 AM
How will this module differ if we are using .NET v2.0?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide