5.6. IIS 7.0 Feature Delegation
IIS 7.0 provides a new feature that gives administrators a visual tool to decide which configuration sections in the ApplicationHost.config file can be configured on the application level. By default most of the configuration sections in the ApplicationHost.config file are locked down, meaning that applications hosted on the IIS web server cannot re-configure those locked-down configuration sections in the application's web.config file. The main two configuration section groups in the ApplicationHost.config configuration file are the <system.applicationHost> and the <system.webServer> configuration section groups:
<configSections>
<sectionGroup name="system.applicationHost">
<section name="applicationPools"
allowDefinition="AppHostOnly"
overrideModeDefault="Deny" />
<section name="sites"
allowDefinition="AppHostOnly"
overrideModeDefault="Deny" />
</sectionGroup>
<sectionGroup name="system.webServer">
<section name="defaultDocument"
overrideModeDefault="Allow" />
<section name="directoryBrowse"
overrideModeDefault="Allow" />
<section name="globalModules"
allowDefinition="AppHostOnly"
overrideModeDefault="Deny" />
<section name="handlers"
overrideModeDefault="Deny" />
<section name="httpRedirect"
overrideModeDefault="Allow" />
<section name="modules"
allowDefinition="MachineToApplication"
overrideModeDefault="Deny" />
<sectionGroup name="security">
<section name="access"
overrideModeDefault="Deny" />
<section name="applicationDependencies" overrideModeDefault="Deny" ...
Get Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
