My blog has moved and can now be found at http://blog.aniljohn.com

No action is needed on your part if you are already subscribed to this blog via e-mail or its syndication feed.

Sunday, November 16, 2003
« How To: Secure Your Developer Workstatio... | Main | Security Webcast Week at Microsoft »

Steve Schofield at AdminBlogs.com has an on-going document used to reference IIS related security information. He points to in-depth information published by Microsoft on

ASP.NET Security @
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/standard/aaconwebapplicationsecurity.asp

and

ASP.NET Administration @
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/standard/aaconaspnetadministration.asp

This above section includes the following information:

  • ASP.NET Setup: Describes how to install and uninstall ASP.NET on the platforms that support it and how to identify and solve common problems with a new ASP.NET installation.
  • ASP.NET Web Application Overview: Defines ASP.NET applications and the file types and directories they contain.
  • ASP.NET Configuration: Describes how to configure ASP.NET applications and includes reference information on each of the ASP.NET configuration elements.
  • ASP.NET Security: Describes how to work with authorization and authentication in ASP.NET applications.
  • ASP.NET Deployment: Describes how to distribute ASP.NET applications and components from development and test servers to production servers.
  • ASP.NET Process Isolation: Describes the process models that Internet Information Services (IIS) 6.0 and ASP.NET use.
  • ASP.NET Performance Monitoring: Describes the tools available to monitor the performance of your ASP.NET applications and includes a list of performance counters that are exposed by ASP.NET.
  • Additional Resources: Contains a list of other sources of information on administering ASP.NET applications.

URL seems to indicate that the info may be Windows 2003 - centric, but I am sure that some information can be applied to W2K as well.

Direct link to Steve's Document @
http://adminblogs.com/steve/posts/228.aspx

Tags:: Security
11/16/2003 5:18 PM Eastern Standard Time  |  Comments [2]  |  Disclaimer  |  Permalink   
Sunday, May 8, 2005 12:06:54 AM (Eastern Daylight Time, UTC-04:00)
Hi,
<br>
<br>The document has a lot of information for both Windows 2000/IIS 5.0 and Windows 2003. Many of the articles do speak to the differences of IIS 5 and IIS 6 along with dealing with the differences in securing ASP.NET and .NET framework on both platforms. Thanks for linking up, the threadcover PDF is an absolute standard for reading in locking down a system.
Steve Schofield
Sunday, May 8, 2005 12:06:54 AM (Eastern Daylight Time, UTC-04:00)
Cool.. Thanks Steve.
Anil John
Comments are closed.