We have a departmental web server running Server 2003, IIS 6, and SQL Server Express. IIS is configured for Windows Authentication only and all the App Pools are configured to use the Network Service account. We run several ASP.NET apps, most of which access SQL Server DBs. In the web.config (or other places) within those apps, we have the required connection strings to access the DBs.
I recently realized that anyone could browse the share holding the web server files ("Authenticated Users" have Read permission), as it's underneath another directory on the server that's shared for various reasons.
I tried to remove that "world-read" access permission, but then users could no longer run the apps (they couldn't read the fileshare, which was the intended behavior, but this prevented them from running the apps too). I could still run the apps, as I'm part of the admin group that still had Full Control over the apps folder.
My question (finally) is: what combination of Windows permissions and IIS settings could I use in order to meet these needs:
- We need to know which users are using the app, and to determine what roles/permissions the current user has in each app.
- We need/desire to keep the DB connection strings in the web.config or other app files (too much work to move them all somewhere else).
- We need to prevent users from browsing the fileshare and reading things like connection strings inside the apps. (We'd like to NOT have to move the apps to a new share!)
I've been struggling with this for a while, and would appreciate any suggestions!
You need to move those files out from the share. That's the only way. Anything else will either break Windows Auth or will allow those files to be readable on the share. IIS and SMB both evaluate the same NTFS permissions, so there's no way to have them apply to one without having them apply to the other.
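To see where this exposure exists before relocating anything, the following added example (not part of the original question or answer) lists every `*.config` file under a web root whose NTFS ACL grants read access to a broad group. The `$WebRoot` path is a placeholder and the group names are assumptions; they are the English built-in names and differ on localized systems.

```powershell
# Added example: report *.config files readable by broad groups via NTFS ACLs.
# These are the same ACLs that both IIS (Windows Authentication) and SMB evaluate.
param(
    [string]$WebRoot = 'D:\Shared\WebApps',        # placeholder path, adjust to your server
    [string[]]$BroadPrincipals = @(                 # assumed group names (English systems)
        'NT AUTHORITY\Authenticated Users',
        'Everyone',
        'BUILTIN\Users'
    )
)

# Bits that allow reading file contents:
#   0x00000001 FILE_READ_DATA, 0x80000000 GENERIC_READ, 0x10000000 GENERIC_ALL
$readBits = 0x00000001 -bor 0x80000000 -bor 0x10000000

Get-ChildItem -Path $WebRoot -Recurse -Filter '*.config' -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $file = $_
        $acl  = Get-Acl -Path $file.FullName
        foreach ($ace in $acl.Access) {
            $isAllow = $ace.AccessControlType -eq 'Allow'
            $isBroad = $BroadPrincipals -contains $ace.IdentityReference.Value
            $canRead = (([int]$ace.FileSystemRights) -band $readBits) -ne 0

            if ($isAllow -and $isBroad -and $canRead) {
                # One row per offending ACE; Inherited shows whether the grant
                # comes from a parent folder or is set on the file itself.
                New-Object PSObject -Property @{
                    File      = $file.FullName
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    } |
    Select-Object File, Principal, Rights, Inherited
```

Run it again after the application folders have been moved and the ACLs adjusted to confirm which broad read grants remain on the configuration files.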