Re: impersonation

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 04/28/05 

Date: Thu, 28 Apr 2005 10:34:17 -0700

Hello Brock,

Machine$ is only relevant if you are accessing remote files. You can indeed
ACL local files directly with "NT AUTHORITY\NETWORK SERVICE"

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> If you are running in IIS6, then by default your code is running as
> "Network Service". You can change the security DACL on the target file
> to allow MACHINENAME$ access tot he file and it should work for you.
> The ASPNET account is only used (again, by default) when you're
> running on an IIS5 or 5.1 box -- so Windows 2000 or XP. If you really
> want your application in IIS6 to run as ASPNET, you can change the
> identity in the IIS admin tool for the AppPool that your app has been
> configured as. But every other app in the same AppPool will also be
> affected. If you choose this approach, then you might want to create a
> seperate AppPool specifically for your application.
>
> -Brock
> DevelopMentor
> http://staff.develop.com/ballen
>> IIS 6.0
>>
>> Our developer created a asp.net application. I keep getting an error
>> on the website:
>>
>> Exception Details: System.UnauthorizedAccessException: Access to the
>> path "D:\Websites\intradev\peoplefind_net\csv\20050428103335.csv" is
>> denied.
>>
>> I have used filemon and found that it is trying to access that
>> directory structure using nt authority\network service. I need it to
>> use the local aspnet account. How can I force it to use the aspnet
>> account?
>>