How do I secure my cloud IIS virtual folders?

Asked 2 years ago, Updated 2 years ago, 109 views

We use a cloud service called Sakura VPS for Windows Server to publish the site on IIS.

IIS publishes a download site for in-house applications.
The site itself works with AzureAD to log in with a Microsoft account, so we have determined that it is safe.

On the other hand, the company's application itself uses ClickOnce, a .NET Framework technology, to access IIS's virtual folder when downloading or updating the company's application.
IIS prevents the folder hierarchy from being displayed, so I don't think I can access it unless I know the exact folder name or file name, but I'm worried that if I can find the folder name or file name in some way, I can access it freely.

While hackers and others are looking for a stepping stone, is it possible to find this site of our company and find folder names and file names in some way?

If possible, I think I can do it if AzureAD and Sakura's ActiveDirectory work together and set permissions, but I don't understand it at all because I'm not good enough.

The next best option is:
· When downloading from the download site with ClickOnce of the company application, the access permission of the virtual folder of each application is rewritten on the download site, and the permission of IIS_IUSRS can be read only when downloading, and the permission is eliminated.
· When updating an in-house application with ClickOnce, the permissions of the virtual folder are rewritten from the application itself, and the permissions of IIS_IUSRS can be read only when updating, and the permissions are eliminated after that.

I think I can do it if I do the above, but what about security?

Please let me know.

security iis

2022-09-30 17:31

1 Answer

What about security?

"I'm not sure, but I came up with this method" is out of the question for security.

According to Microsoft documentation,

"Authentication scenarios other than Windows authentication are not supported when deploying ClickOnce applications."

Therefore, work with AD to authenticate or place it on a local server.


2022-09-30 17:31
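One way to apply the Windows-authentication approach from the answer to the ClickOnce virtual folder, as an added example that is not part of the original question or answer. The site name, virtual folder name and test URL are assumed placeholders, and it assumes the Windows Authentication role service is installed and the users have accounts the server can authenticate.

```powershell
# Added example. Assumed names (not from the original post); adjust to your server.
$site     = 'Default Web Site'          # assumed IIS site name
$vdir     = 'apps'                      # assumed ClickOnce virtual folder
$testUrl  = 'https://downloads.example.test/apps/MyApp.application'  # placeholder URL
$location = "$site/$vdir"
$apphost  = 'MACHINE/WEBROOT/APPHOST'   # write a <location> entry in applicationHost.config
$authRoot = 'system.webServer/security/authentication'

Import-Module WebAdministration

# Desired state for the virtual folder: no anonymous access,
# Windows authentication required, directory listing off.
$desired = [ordered]@{
    "$authRoot/anonymousAuthentication" = $false
    "$authRoot/windowsAuthentication"   = $true
    'system.webServer/directoryBrowse'  = $false
}

foreach ($filter in $desired.Keys) {
    Set-WebConfigurationProperty -PSPath $apphost -Location $location `
        -Filter $filter -Name enabled -Value $desired[$filter]
}

# Read the settings back and fail loudly if any did not take effect.
foreach ($filter in $desired.Keys) {
    $actual = (Get-WebConfigurationProperty -PSPath $apphost -Location $location `
        -Filter $filter -Name enabled).Value
    if ($actual -ne $desired[$filter]) {
        throw "$filter is '$actual' for '$location', expected '$($desired[$filter])'"
    }
}

# Confirm from the outside: a request without credentials must get 401,
# even when the exact file name is known.
try {
    $resp = Invoke-WebRequest -Uri $testUrl -UseBasicParsing
    throw "Unauthenticated request returned $($resp.StatusCode); the folder is still open"
}
catch [System.Net.WebException] {
    $status = [int]$_.Exception.Response.StatusCode
    if ($status -ne 401) { throw "Expected 401, got $status" }
    "OK: '$location' rejects unauthenticated requests (401)"
}
```

The final check is written for Windows PowerShell 5.1, where a 401 response raises a `System.Net.WebException`. Run the script in an elevated session on the IIS server.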
