O'Reilly logo

Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB by Stefan Schackow, Bilal Haidar

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

5.6. IIS 7.0 Feature Delegation

IIS 7.0 provides a new feature that gives administrators a visual tool to decide which configuration sections in the ApplicationHost.config file can be configured on the application level. By default most of the configuration sections in the ApplicationHost.config file are locked down, meaning that applications hosted on the IIS web server cannot re-configure those locked-down configuration sections in the application's web.config file. The main two configuration section groups in the ApplicationHost.config configuration file are the <system.applicationHost> and the <system.webServer> configuration section groups:

<configSections>
     <sectionGroup name="system.applicationHost">
         <section name="applicationPools"
                  allowDefinition="AppHostOnly"
                  overrideModeDefault="Deny" />
         <section name="sites"
                  allowDefinition="AppHostOnly"
                  overrideModeDefault="Deny" />
     </sectionGroup>

     <sectionGroup name="system.webServer">
     <section name="defaultDocument"
                  overrideModeDefault="Allow" />
         <section name="directoryBrowse"
                  overrideModeDefault="Allow" />
         <section name="globalModules"
                  allowDefinition="AppHostOnly"
                  overrideModeDefault="Deny" />
         <section name="handlers"
                  overrideModeDefault="Deny" />
         <section name="httpRedirect"
                  overrideModeDefault="Allow" />
         <section name="modules"
                  allowDefinition="MachineToApplication"
                  overrideModeDefault="Deny" />
         <sectionGroup name="security">
                <section name="access"
                         overrideModeDefault="Deny" />
<section name="applicationDependencies" overrideModeDefault="Deny" ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required