Internet Information Services
Microsoft web server software.
1,578 questions
wwwroot permission setting
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 50%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
NET_EXPLORER
1
Reputation point
I had a requirement to restrict access to people from reading the web.config file in wwwroot folder of inetpub.
All I did was removing the MACHINENAME/USERS Group from the permission settings of wwwroot folder.
Result: My site was getting access denied error.
I want to restrict the general users who login to the machine from reading the wwwroot contents. How do I achieve it. ? My app runs under DefaultAppPool Indentity.
Will giving access to IIS AppPool\<myappoolname> will work ?
{count} votes
-
AgaveJoe 26,191 Reputation points2021-06-23T14:44:30.26+00:00 The web.config file is not accessible to HTTP request by default. Are you trying to stop user with remote login access to view sensitive information in the web.config? If so, encrypt the contents.
-
NET_EXPLORER 1 Reputation point
2021-06-23T15:30:03.96+00:00 Yes @AgaveJoe I was stopping logged in users from viewing it. I get the encryption part. Just was curious on the permission level being assigned to the wwwroot folder.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 24%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
Sam Wu-MSFT 7,036 Reputation points Microsoft Vendor2021-06-24T07:01:01.467+00:00 anonymous user-5822 About the permission level of wwwroot folder you can refer to this link: \inetpub\wwwroot.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2021-06-24T10:08:33.713+00:00 if you wanted to stop people from reading the web.config only just encrypt the file instead of encrypting the whole folder
-
AgaveJoe 26,191 Reputation points
2021-06-24T10:52:00.783+00:00 Create a new service account for the web application. Grant the service account read access to the web.config (or application root) while denying all other accounts. Assign the application identity to the service account using the IIS manager.
Sign in to comment