You must divide the application into three parts:
Windows service
This will be the host of the WCF or Remoting application. You want to put code that requires privileged access to your system here. For example, creating and deleting websites. Run this service under an account that has sufficient rights to perform operations using Microsoft.Web.Administration.
Reliable or proxy build
This is the only signed build installed in the GAC. Its role is to transfer calls from your low-trust web application to perform privileged actions in code running in the above service. Mark the assembly with the AllowPartiallyTrustedCallers attribute (if your server is configured for partial trust) and mark all classes that require access to the remote access service using [PermissionSet(SecurityAction.Assert, Unrestricted=true)].
Front End Applications (or Web Services)
This is the interface for your application (whether it is a web application with a graphical interface or a web service). Run this in your own application pool with sufficient privileges to execute, such as IUSR or a similar account. Ideally, you should also run this with partial trust.
Your web application / service references the Trusted Wrapper assembly in the GAC, which in turn refers to a remote access application or WCF running on a Windows service.
Using this layered approach means that you block access using special privileged operations that are performed only in the Windows service.
This approach is well covered in Dominick Baier's Appendix C, Developing More Secure Microsoft ASP.NET 2.0 Applications. I highly recommend getting a copy.
Kev
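The trusted wrapper layer described in this answer, sketched as an added example that is not part of the original post or of the book it cites. It assumes the .NET 2.0/3.5 code access security model; the ISiteProvisioning contract, the class name, the named-pipe address and the host-name rule are all hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.ServiceModel;
using System.Text.RegularExpressions;

// Lets partially trusted web code call into this strong-named GAC assembly.
[assembly: AllowPartiallyTrustedCallers]

namespace Example.TrustedWrapper
{
    // Hypothetical contract; the Windows service implements it and does the
    // Microsoft.Web.Administration work under its own privileged account.
    [ServiceContract]
    public interface ISiteProvisioning
    {
        [OperationContract] void CreateSite(string hostName);
        [OperationContract] void DeleteSite(string hostName);
    }

    // Assert stops the CAS stack walk here, so this class is the trust boundary:
    // expose only narrow operations and validate everything before forwarding.
    [PermissionSet(SecurityAction.Assert, Unrestricted = true)]
    public sealed class SiteProvisioningProxy
    {
        // Assumed address; a named pipe keeps the endpoint local to the machine.
        private const string Address = "net.pipe://localhost/Example/SiteProvisioning";
        private static readonly Regex HostName = new Regex(
            @"^(?=.{1,253}\z)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\z",
            RegexOptions.CultureInvariant);

        public void CreateSite(string hostName) { Call(hostName, (s, h) => s.CreateSite(h)); }
        public void DeleteSite(string hostName) { Call(hostName, (s, h) => s.DeleteSite(h)); }

        private static void Call(string hostName, Action<ISiteProvisioning, string> op)
        {
            if (hostName == null || !HostName.IsMatch(hostName))
                throw new ArgumentException("Invalid host name.", "hostName");

            var factory = new ChannelFactory<ISiteProvisioning>(
                new NetNamedPipeBinding(), new EndpointAddress(Address));
            try
            {
                op(factory.CreateChannel(), hostName);
                factory.Close();   // also closes the channel it created
            }
            catch
            {
                factory.Abort();   // never leave a faulted channel open
                throw;
            }
        }
    }
}
```

Any partially trusted code on the server can load a GAC assembly marked this way, so the service side should still check each request rather than assume it came from your front end.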