Chapter 5. Configuration System Security

Many .NET Framework features depend on initialization information stored in various configuration files. ASP.NET in particular depends heavily on configuration sections to define the behavior of many aspects of the ASP.NET runtime. As a result, configuration information frequently contains sensitive data (usernames, passwords, connection strings, and so on). Configuration information can also directly affect the security settings enforced by certain features. Configuration security is therefore an important aspect of ensuring that a web application works as expected.

This chapter covers the following aspects of securing configuration information:

  • Using the <location /> element.

  • Implementing granular inheritance control using the new "lock" attributes.

  • Setting access rights to read and modify configuration.

  • Managing IIS 7.0 configuration versus ASP.NET configuration.

  • IIS 7.0 Feature Delegation.

  • Implementing partial trust restrictions when using configuration.

  • Using the new protected configuration feature.
