Last post Aug 22, 2011 11:32 AM by tehremo
Aug 17, 2011 11:58 AM|antony.kll|LINK
I try to set up my shared hosting based on WindowsServer2008 R2/IIS7.5 to use Full Trust on Asp.Net Framework 2.0 and 4.0;
my IIS configuration is one apppool for each website using apppool identity configuration, so each site is running with its own user.
If I set Medium trust all work fine but when I set Full Trust on ASP.Net user can execute process even if it does not have rights to access of it
ex.: If user write an asp.net page with
user can run process notepad.exe but notepad does not have permissions on their acl to run with this user or group, how is it possible?
I try also to create a new user on server without assign it to any group, after that i set up a new site with this user (setting apppool user and anonymous authentication) but if I set ASP.Net to full trust this site can run notepad.exe or calc.exe and more,
even if the new user haven't ACL for access to that file, how is it possible?
I need to enable or modify some settings?
Thank and Regards
Aug 17, 2011 01:13 PM|tehremo|LINK
You will not be able to run in full trust on a shared host. They will not allow that to happen, for all the right reasons. If you want full trust on a host, you will need to look at getting a dedicated server with them.
Aug 18, 2011 03:19 AM|antony.kll|LINK
thanks for your reply,
I try to explain me better,
I'm a system administrator and I try to setup my server for shared hosting to use full trust on Asp.net
I saw that some hosters can give full trust also on shared hosting, then I think it would seem possible but I can't find a way for maintain an higher security on server, do you know some way?
Thanks and Regards
Aug 22, 2011 10:52 AM|tomgusa|LINK
FYI: Arvixe has
Full Trust App Support for it's shared hosting plans.
Aug 22, 2011 11:32 AM|tehremo|LINK
Per Arvixe's site: "When developing your ASP .NET applications. You may run into some dlls that require your application to have full trust on the server. Many web hosts do not allow your applications to run in full trust. At Arvixe, by leveraging the power
of Windows 2008, we will enable full trust for your applications per request."
So, they have to do it, it doesn't look like something you can enable yourself via a CP.