Tuesday, August 16, 2005

Configuring An ASP.NET Application With A Home Directory Located On A Share On Another Computer

That has to be longest heading for any of my blog entries, but it's what I finally figured out how to do, and thought I would post about my experiences, and a short HOWTO on the subject for those who may be struggling much like I have been for the past day or so.

Suppose you have two servers. One exposed to the outside world, and one on your internal network. Now, also suppose that you want the server exposed to the outside world to run an ASP.NET application, but the resources (files) for this ASP.NET application are on a share on the internal server. That's the situation that I have.

It all seems easy enough. Create the website on the externally-exposed server with its home directory pointing to the share on the internal server, right? Wrong. In the ASP days, this works fine, but in the days of compiled ASP.NET applications, it's not so simple.

Here's a quick checklist of how to get it to work.

1. Create a virtual directory on your website, and point it to the share on the internal server where the ASP.NET application exists. For example, if your ASP.NET application is in the folder "MyGreatWebApp" on the share "MyWebShare" on the server "BIG_SERVER", then the virtual directory would point to:


2. Set the permissions on this virtual directory to read and execute.

3. Locate machine.config on the web server. It should be in the following folder, or something similar:


4. Edit the file, and make sure the following entry is there:

    password="" />

5. Open Administrative Tools\Microsoft .NET Framework 1.1 Configuration

6. Navigate to Runtime Security Policy\Machine\Code Groups\All_Code. Right click All_Code, and select New. Type a name for your new policy, and click Next. Choose URL from the drop list. We now need to give it the path to our shared folder. So, using our shared folder from above, we have the following:


Click Next. Choose Full Trust, and click Next. Click Finish.

7. On your externally exposed web server, locate the folder C:\WINDOWS\Microsoft.NET and make sure that everyone has Full Control to this folder, and all of its contents.

8. Open a command prompt on the externally exposed web server, and issue the command iisreset, and your ASP.NET web application should now work as expected.

Now, while this works, it doesn't leave me with the best of feelings. It seems that there are a lot of security issues with this. I need to do some more work to determine if this can be locked down more, but I am doubtful that I will be able to lock it down much more than this. In any case, if you must have this setup, these instructions will get you where you need to be, and if anyone has more to add on this subject, feel free to comment. I'd love to hear of better ways to do this. It seems like a lot of work for something that used to be quite simple, and it also seems to open up some secure doors that weren't' very secure to begin with.

No comments: