Internet Information Services
Microsoft web server software.
1,244 questions
wwwroot permission setting
NET_EXPLORER
1
Reputation point
I had a requirement to restrict access to people from reading the web.config file in wwwroot folder of inetpub.
All I did was removing the MACHINENAME/USERS Group from the permission settings of wwwroot folder.
Result: My site was getting access denied error.
I want to restrict the general users who login to the machine from reading the wwwroot contents. How do I achieve it. ? My app runs under DefaultAppPool Indentity.
Will giving access to IIS AppPool\<myappoolname> will work ?
{count} votes
-
AgaveJoe 20,151 Reputation points2021-06-23T14:44:30.26+00:00 The web.config file is not accessible to HTTP request by default. Are you trying to stop user with remote login access to view sensitive information in the web.config? If so, encrypt the contents.
Yes @AgaveJoe I was stopping logged in users from viewing it. I get the encryption part. Just was curious on the permission level being assigned to the wwwroot folder.
anonymous user-5822 About the permission level of wwwroot folder you can refer to this link: \inetpub\wwwroot.
if you wanted to stop people from reading the web.config only just encrypt the file instead of encrypting the whole folder
Create a new service account for the web application. Grant the service account read access to the web.config (or application root) while denying all other accounts. Assign the application identity to the service account using the IIS manager.
Sign in to comment