Loggin application block needs write permissions on virtual directory?

Topics: Logging Application Block
Jun 1, 2011 at 4:51 AM

 

Hi,

I am using logging application block in ASP.Net application. The application is hosted on IIS 5.0 with anonymous authentication.  Logging is working only when i give write permissions to the anonymous account on virtual directory. Does write permissions on virtual directory leads any security vulnerabilities?

Thanks,

srikar

Jun 1, 2011 at 7:49 AM

Hi,

We're not the best person to answer your question since it is more of security related. Though my personal opinion to this is that you shouldn't be holding sensitive data when anonymous access is enabled. Quoting from Microsoft Support:

 "When anonymous access is turned on, no authenticated user credentials are required to access the site. This option is best used when you want to grant public access to information that requires no security"

 Hope this helps :)

 

Noel Angelo Bolasoc
Global Technologies and Solutions
Avanade, Inc.
entlib.support@avanade.com