wwwroot permission setting
I had a requirement to restrict people from reading the web.config file in the wwwroot folder of inetpub.
All I did was remove the MACHINENAME/USERS group from the permission settings of the wwwroot folder.
Result: My site was getting an access denied error.
I want to restrict the general users who log in to the machine from reading the wwwroot contents. How do I achieve it? My app runs under the DefaultAppPool identity.
Will giving access to IIS AppPool\<myappoolname> work?
The web.config file is not accessible to HTTP requests by default. Are you trying to stop users with remote login access from viewing sensitive information in the web.config? If so, encrypt the contents.
Yes @AgaveJoe, I was stopping logged-in users from viewing it. I get the encryption part. I was just curious about the permission level being assigned to the wwwroot folder.
anonymous user-5822 About the permission level of the wwwroot folder, you can refer to this link: \inetpub\wwwroot.
If you wanted to stop people from reading the web.config only, just encrypt the file instead of encrypting the whole folder.
Create a new service account for the web application. Grant the service account read access to the web.config (or application root) while denying all other accounts. Assign the application identity to the service account using the IIS manager.
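An added example, not code from any post in this thread: one way to apply the permission change discussed above from an elevated PowerShell prompt, using the built-in application pool identity from the question rather than a new service account. The path and pool name are assumed placeholders, and the IUSR grant assumes anonymous authentication is left on its default identity.

```powershell
# Assumed values (placeholders, not taken from the thread); adjust to your site.
$sitePath = 'C:\inetpub\wwwroot'
$appPool  = 'DefaultAppPool'
$identity = "IIS AppPool\$appPool"
$backup   = Join-Path $env:TEMP 'wwwroot-acl.bak'

# 1. Save the current ACLs of the folder tree so the change can be rolled back.
#    To roll back, run /restore against the PARENT folder:
#    icacls (Split-Path $sitePath) /restore $backup
icacls $sitePath /save $backup /T /C

# 2. Grant the application pool identity read & execute, inherited by
#    subfolders (CI) and files (OI). ${identity} keeps PowerShell from
#    parsing "$identity:" as a drive-qualified variable.
icacls $sitePath /grant "${identity}:(OI)(CI)RX"

# 3. Assumption: anonymous authentication still runs as the default IUSR
#    account, so it needs read access of its own once Users is gone.
#    Skip this line if anonymous requests use the application pool identity.
icacls $sitePath /grant "IUSR:(OI)(CI)RX"

# 4. Convert inherited entries to explicit ones, then remove the entry that
#    lets every locally logged-in user read the folder (and web.config).
icacls $sitePath /inheritance:d
icacls $sitePath /remove:g "BUILTIN\Users"

# 5. Review the result: list who can still reach the folder.
(Get-Acl $sitePath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize
```

Members of Administrators and SYSTEM keep their access after this change, so the encryption advice in the thread still applies to secrets stored in web.config.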