ASP.Net Application Trust Medium File IO Outside Virtual Directory

Posted by Trey Gramann on Stack Overflow See other posts from Stack Overflow or by Trey Gramann
Published on 2009-09-23T17:08:36Z Indexed on 2010/04/11 21:03 UTC
Read the original article Hit count: 653

Filed under:

virtual-directory

|

medium-trust

|

ASP.NET

I am trying to determine how suicidal this is...

I have a hosting environment where a custom ASP.Net CMS application needs to access the files in the root folder of a website even though it is in a virtual folder so it can be shared accross many sites. I can modify the Medium trust on the server and came up with this...

<IPermission class="FileIOPermission" version="1"
Read="$AppDir$;$AppDir$\.."
Write="$AppDir$;$AppDir$\.."
Append="$AppDir$;$AppDir$\.."
PathDiscovery="$AppDir$;$AppDir$\.."/>

Oddly enough, it works. Yes, I understand it is doing this for all the Apps.

I am a bit at a loss as to easy ways to test what else is being exposed. Feels dangerous. Opinions?

© Stack Overflow or respective owner

Related posts about virtual-directory

getting base url of web site's root (absolute/relative url)

as seen on Stack Overflow - Search for 'Stack Overflow'
I want to completely understand how to use relative and absolute url address in static and dynamic files. ~ : / : .. : in a relative URL indicates the parent directory . : refers to the current directory / : always replaces the entire pathname of the base URL // : always replaces everything… >>> More
Create Virtual Directory and Set Permissions IIS7 - Cannot read configuration file due to insufficie

as seen on Stack Overflow - Search for 'Stack Overflow'
I am trying to create a virtual directory and set it's permissions using IIS7 and C#. Here is a sample of my code: using (ServerManager serverManager = new ServerManager(webSite)) { ConfigurationSection anonymousAuthenticationSection = config.GetSection( @"system.webServer/security/authentication/anonymousAuthentication"… >>> More
Single Sign On for Web Application and Application in Virtual Directory

as seen on Stack Overflow - Search for 'Stack Overflow'
To enable single sign-on for a web application and a web application in a virtual directory, I set the machinekey in both apps to the same: <machineKey validationKey="xxx" decryptionKey="yy" validation="SHA1" /> The single sign on works just fine, but existing users can't sign in any more;… >>> More
IIS 6 with wildcard mapping and UNC virtual directory problem

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi. On our production servers (win 2003 with IIS6 and load balanced with an F5 BIGIP), we have a problem when introducing wildcardmapping on IIS6. We use .net Framework 3.5 SP1. The issue manifests itself as by the server only sometimes serving the images stored on a virtual directory pointing to… >>> More
How can I change a virtual directory's physical path in IIS7 and C#?

as seen on Stack Overflow - Search for 'Stack Overflow'
I need to change the where a virtual directory's physical path is in C#. This is what I have so far: using (DirectoryEntry webSiteRoot = WmiUtility.GetWebSiteRootDirectory(webSite)) { DirectoryEntry virtualDirectory = WmiUtility.GetVirtualDirectoryByName(webSiteRoot… >>> More

Related posts about medium-trust

NHibernate 2.1.2 in medium trust.

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm trying to configure nhibernate 2.1.2 to run in medium trust, without any luck. I have tried follwing the suggestions to run in medium trust and pre-generating the proxies. I then tried to remove all references to lazy loading setting the default-lazy="false" on all classes and bags. However this… >>> More
Using db4o with multiple application instances under medium trust

as seen on Stack Overflow - Search for 'Stack Overflow'
I recently stumbled over the object database engine db4o which I think looks really interesting. I would like to use it in an ASP.NET MVC application that will be deployed to a shared hosting environment under medium trust. Because of the trust level, I'm restricted to using db4o in embedded/in-process… >>> More
Entity Framework - Medium Trust

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm trying to get the entity framework working in medium trust. I've tried splitting the files and using a separate assembly but I seem to have one problem after another. I moved the EDMX to a separate assembly, which causes a single .dll to be outpit to the sites /Bin directory. I'm referencing… >>> More
Microsoft Reporting DLL's in medium trust environment

as seen on Stack Overflow - Search for 'Stack Overflow'
My host Rackspace Cloud Sites have a modified Medium Trust environment. One of our legacy applications which we are moving onto the server uses the following DLL's: Microsoft.ReportViewer.Common.dll Microsoft.ReportViewer.ProcessingObjectModel.dll Microsoft.ReportViewer.WebForms.dll Microsoft.ReportViewer… >>> More
What is Medium Trust in Asp.net?

as seen on Stack Overflow - Search for 'Stack Overflow'
What is Medium Trust in Asp.net? >>> More