Re: Server Application Unavailable
From: G.V. (gv_at_mail.lt)
Date: Mon, 16 Jun 2003 16:59:57 +0300
It is stated, that in .NET Framework 1.0 you need to allow custom ASP.NET
user to "Act as part of operating system" privelege in Local Policies.
Windows Authentication Using a Fixed Identity
The <identity> element in Web.config supports optional user name and
password attributes, which allows you to configure a specific fixed identity
for your application to impersonate. This is shown in the following
configuration file fragment.
<identity impersonate="true" userName="DomainName\UserName"
When to use
This approach is not recommended for the current version (version 1) of the
.NET Framework in secure environments for two reasons:
a.. User names and passwords should not be stored in plain text in
configuration files, particularly configuration files stored in virtual
b.. On Windows 2000, this approach forces you to grant the ASP.NET process
account the "Act as part of the operating system" privilege. This reduces
the security of your Web application and increases the threat should an
attacker compromise the Web application process.
The .NET Framework version 1.1 will provide an enhancement for this scenario
on Windows 2000:
a.. The credentials will be encrypted.
b.. The log on will be performed by the IIS process, so that ASP.NET does
not required the "Act as part of the operating system" privilege.
I think the same applies if you change ASP.NET user in machine.config.
One more test you could do - add ASP.NET account temporary to your server
Administrators group. If it works after doing this - this is definetly
security configuration problem.
hope this helps,
"Apogee" <email@example.com> wrote in message
> I followed the steps in this document, it does not work.
> "G.V." <firstname.lastname@example.org> wrote in message
> > It's not that simple. You need to configure security settings too:
> > G.V.