wwwroot permission setting
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 50%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
NET_EXPLORER
1
Reputation point
I had a requirement to restrict access to people from reading the web.config file in wwwroot folder of inetpub.
All I did was removing the MACHINENAME/USERS Group from the permission settings of wwwroot folder.
Result: My site was getting access denied error.
I want to restrict the general users who login to the machine from reading the wwwroot contents. How do I achieve it. ? My app runs under DefaultAppPool Indentity.
Will giving access to IIS AppPool\<myappoolname> will work ?
Windows development | Internet Information Services
Developer technologies | ASP.NET Core | Other
Developer technologies | ASP.NET Core | Other
A set of technologies in .NET for building web applications and web services. Miscellaneous topics that do not fit into specific categories.
-
AgaveJoe 31,361 Reputation points2021-06-23T14:44:30.26+00:00 The web.config file is not accessible to HTTP request by default. Are you trying to stop user with remote login access to view sensitive information in the web.config? If so, encrypt the contents.
-
NET_EXPLORER 1 Reputation point
2021-06-23T15:30:03.96+00:00 Yes @AgaveJoe I was stopping logged in users from viewing it. I get the encryption part. Just was curious on the permission level being assigned to the wwwroot folder.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 24%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
Sam Wu-MSFT 7,571 Reputation points Microsoft External Staff2021-06-24T07:01:01.467+00:00 anonymous user-5822 About the permission level of wwwroot folder you can refer to this link: \inetpub\wwwroot.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2021-06-24T10:08:33.713+00:00 if you wanted to stop people from reading the web.config only just encrypt the file instead of encrypting the whole folder
-
AgaveJoe 31,361 Reputation points
2021-06-24T10:52:00.783+00:00 Create a new service account for the web application. Grant the service account read access to the web.config (or application root) while denying all other accounts. Assign the application identity to the service account using the IIS manager.
Sign in to comment
Sign in to answer