Improving Web Application Security: Threats and Countermeasures

The bin directory beneath an ASP.NET application's virtual root directory contains the application's private assemblies, including the application's page-class implementations if code-behind files have been used during development.

Secure the Bin Directory

To secure the application's bin directory and protect your business logic against inadvertent download:

Remove Web Permissions

Use the IIS snap-in and ensure that the bin directory does not have Read, Write, or Directory browsing permissions. Also ensure Execute permissions are set to None.

Remove All Authentication Settings

Use the IIS snap-in to remove authentication settings from the bin directory. This results in all access being denied.
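One way to verify both steps from an exported configuration is the audit below. It is an added example, not code from the original guide. It assumes an IIS 6 style metabase.xml export in which a directory with no explicit setting inherits from its parent; the sample XML, site paths and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the style of an IIS 6 metabase.xml export (not real data).
SAMPLE = """<configuration><MBProperty>
<IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT" AccessFlags="AccessRead | AccessScript"
    AuthFlags="AuthAnonymous | AuthNTLM" DirBrowseFlags="EnableDefaultDoc"/>
<IIsWebDirectory Location="/LM/W3SVC/1/ROOT/shop/bin" AccessFlags="0" AuthFlags="0"/>
<IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT/hr" DirBrowseFlags="EnableDirBrowsing"/>
</MBProperty></configuration>"""

# Metabase access flags mapped to the permission names used in the IIS snap-in.
WEB_PERMS = {"AccessRead": "Read", "AccessWrite": "Write",
             "AccessScript": "Execute (scripts)", "AccessExecute": "Execute"}

def flags(value):
    """Split 'A | B' into a set of flag names; '0' or empty means no flags."""
    return {f.strip() for f in (value or "").split("|")} - {"", "0"}

def effective(nodes, location, attr):
    """Assumed inheritance rule: use the nearest ancestor that sets attr."""
    path = location.upper()
    while path:
        if attr in nodes.get(path, {}):
            return flags(nodes[path][attr])
        path = path.rpartition("/")[0]
    return set()

def audit_bin(xml_text, bin_location):
    """Return findings for one bin directory; an empty list means locked down."""
    nodes = {el.get("Location").upper(): el.attrib
             for el in ET.fromstring(xml_text).iter() if el.get("Location")}
    access = effective(nodes, bin_location, "AccessFlags")
    findings = [f"{label} permission enabled"
                for flag, label in WEB_PERMS.items() if flag in access]
    if "EnableDirBrowsing" in effective(nodes, bin_location, "DirBrowseFlags"):
        findings.append("Directory browsing enabled")
    auth = effective(nodes, bin_location, "AuthFlags")
    findings += [f"Authentication setting present: {a}" for a in sorted(auth)]
    return findings

if __name__ == "__main__":
    for loc in ("/LM/W3SVC/1/ROOT/shop/bin", "/LM/W3SVC/1/ROOT/hr/bin"):
        print(loc, audit_bin(SAMPLE, loc) or "OK")
```

The second path has no entry of its own, so it reports the permissions and authentication settings it inherits from its parents, which is the case an explicit lockdown of the bin directory prevents.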
