RE: Running a Web application with Administrator privileges

• Previous message: Steve Smith: "Re: Newbie - ASP.NET web service IIS 5.1 access problem"
• In reply to: howard: "Running a Web application with Administrator privileges"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 26 Apr 2003 14:46:42 GMT

Hello Howard,
To run the worker process using a specified account, modify the
<processModel> element in the root configuration file (machine.config),
located in the \%windows%\Microsoft.NET\Framework\Version\Config folder, as
shown below:

<!-- machine.config file -->
<system.web>
   <processModel
      enable="true"
      userName="domain\user"
      password="password"
   />
</system.web>

In addition to specifying a particular user account, you can also set the
userName attribute to one of two specially recognized values, "SYSTEM" and
"MACHINE". In both cases, you should set the password attribute to
"AutoGenerate", which instructs Windows to manage the password. The default
userName setting is "MACHINE", which is the worker process that uses a
local account named ASPNET. This account is similar to the IWAM_machinename
account used by Internet Information Services (IIS) for running instances
of dllhost.exe when hosting applications built using ASP 3.0 and earlier.
If you specify "SYSTEM", the worker process uses the Local System account.
The ASPNET account is created during installation of the .NET Framework.

If you use a custom account, that account must have the following necessary
access rights:

Read/write access is required for:
The %installroot%\ASP.NET Temporary Files directory. Subdirectories beneath
this root are used for dynamically compiled output.
The %temp% directory, which is used by the compilers during dynamic
compilation.
Read access is required for:
The application directory.
The %installroot% hierarchy to make it possible to access to system
assemblies.
The Web site root directory (e.g., the path at which the "Default Web Site"
points, typically %systemdrive%\inetpub\wwwroot).
The Global Assembly Cache, %windir%\assembly.

For more information on ProcessModel section refers to the following
document
<processModel> Element
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/ht
ml/gngrfprocessmodelsection.asp

Thanks,
Bassel Tabbara
Microsoft, ASP.NET

This posting is provided "AS IS", with no warranties, and confers no rights.

--------------------
| Content-Class: urn:content-classes:message
| From: "howard" <howard@utvgroup.com>
| Sender: "howard" <howard@utvgroup.com>
| Subject: Running a Web application with Administrator privileges
| Date: Thu, 24 Apr 2003 12:50:06 -0700
| Lines: 10
| Message-ID: <05de01c30a9a$b4affe60$3401280a@phx.gbl>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Thread-Index: AcMKmrStIHMaxzfoTWaWzLM/4+KcQw==
| Newsgroups: microsoft.public.dotnet.framework.aspnet.security
| Path: cpmsftngxa06.phx.gbl
| Xref: cpmsftngxa06.phx.gbl
microsoft.public.dotnet.framework.aspnet.security:4914
| NNTP-Posting-Host: TK2MSFTNGXA04 10.40.1.52
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
|
| For debugging, it would be nice if I could run my Web
| application on my desktop machine logged in under my
| account, which is a Desktop Administrator account, rather
| than the ASPNET account. Is there a way to do this?
|
| The reason I would like to do this is that, for certain
| aspects of debugging, I have been changing the ASPNET
| account to have local Administrator privileges. But this
| violates Active Directory policies on our network and the
| ASPNET account gets deleted after a few hours.
|

• Previous message: Steve Smith: "Re: Newbie - ASP.NET web service IIS 5.1 access problem"
• In reply to: howard: "Running a Web application with Administrator privileges"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]