Win2003+asp. NET virtual Host Security settings graphics and text tutorial _win server

Here, our site directory in the D disk of the WWW folder, assuming that there is a virtual host named Fesend user, we are in the WWW folder to create a Fesend folder to store this user's site data

The following groups and accounts are used:

IIS_WPG group (also known as the IIS Worker processes Group, IIS worker process groups)

Guests group (Guest group, with minimal permissions in the system)

Internet Guest account (built-in account for anonymous access to Internet Information Services)

Start the IIS process account (the built-in account used to start an Internet information service for out-of-process applications)

1 Disk permission settings

The permissions of the ⑴d packing directory are set as follows, only the administrator and system are retained, and all other accounts are deleted.

⑵ then joins the IIS_WPG group and sets the permissions shown in the following figure to the IIS_WPG group

⑶ establish Iusr_fesend and iwam_fesend account number

Set the "Iusr_fesend" account to the "Guests" group and delete the Users group

Set the "Iwam_fesend" account to the "IIS_WPG" group and delete the Users group

If your virtual host running more than one site, you can follow the above methods, set up a number of "iusr_xxxx" "iwam_xxxx" account; Each site running ASP.net needs a group of such accounts;

⑷ Set the Fesend user site root directory security permissions, this example's site directory is "D:\www\fesend", this directory is used to store Fesend user's site data;

First, remove the permissions inherited from the parent directory (the method is shown below), leaving only "Administrators" and "SYSTEM", all others deleted;

Then add the "Iusr_fesend" "iwam_fesend" account that we have just established and give Full Control (Modify permissions), and apply the settings to all the subordinate directories and click OK to complete the Web site root permissions setting. The final effect is shown in the following illustration:

2 IIS Settings

Set up www.fesend.com site, point to Fesend User's site Directory "D:\www\fesend";

⑴ Site Anonymous Access account settings, modified to the "Iusr_fesend" account we just established

⑵ Create an application pool with the name "Fesend" (name can be arbitrary);

Next, right-click the application pool-> attribute, open the Identification tab, select "Configure", username and password to select the "Iwam_fesend" account that we just created, as shown in the following figure: Fesend

⑶ The last step, set the "Www.fesend.com" site's application pool for the "Fesend" set up above;

At this point, the Fesend user's IIS site is established, if the server has more than one site, you can configure multiple sites sequentially, each site to establish a specific access account, so that each user of the virtual host has its own permissions, can only access their own site directory, can not access each other, The security of the virtual host can be guaranteed;