Re: Security issues with Win2003 and ASPNet app
From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 04/28/05
- Next message: Robbe Morris [C# MVP]: "The problem may be something else if you already use cookieless sessions"
- Previous message: Dominick Baier [DevelopMentor]: "Re: impersonation"
- In reply to: RichardF: "Re: Security issues with Win2003 and ASPNet app"
- Next in thread: RichardF: "Re: Security issues with Win2003 and ASPNet app"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 28 Apr 2005 10:36:07 -0700
Hello RichardF,
if you are using a domain account - just give access to sql server for this
account / ntfs acls for your file server
if you are using a local account - recreate that account with same name/password
on the target machines and proceed as described (not the recommended solution
- you have to keep all those passwords in sync a.s.o.)
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
> Thanks for the help, I will give that a go. (Assuming I can figure
> out how to add a App Pool!)
>
> Once I do this, how do I then configure permssions on the SQL server
> and Image server machines?
>
> RichardF
>
> On Thu, 28 Apr 2005 08:26:20 -0700, Dominick Baier [DevelopMentor]
> <dbaier@pleasepleasenospamdevelop.com> wrote:
>
>> Hello RichardF,
>>
>> you can configure the identity of your web service using the
>> Application Pool feature of IIS6.
>>
>> Add a new AppPool - give it an identity (local or domain) - and add
>> the web service application to the AppPool (WebApp properties)
>>
>> Add the account to IIS_WPG and give it access to
>> \windows\microsoft.net\framework\v\temporary asp.net files\ and
>> \windows\temp
>>
>> HTH
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>> I have an ASP.NET Web Service and Web Site. It accesses a SQL
>>> database for its data and retrieves images from another server.
>>>
>>> There are 4 servers all running Win 2003 as follows...
>>>
>>> 1 - Domain Controller
>>> 2 - SQL Server
>>> 3 - IIS Server (runs Web Service and Web Site)
>>> 4 - File Server (stores all the image files)
>>> I am having lots of issues with permissions because my Web Service
>>> is
>>> running as a user under a LOCAL group IIS_WPG on the IIS Server and
>>> I
>>> don't know how to give it the necessary permissions to access the
>>> SQL
>>> Server and the Images on different machines.
>>> I think what I need to do is create a Domain Account, give it the
>>> appropriate permissions and then somehow get my Web Service to run
>>> using that user account. I did try this using 'impersonate' but
>>> then it appeared i didn't have permission to tun ASP.NET stuff!
>>>
>>> Can anyone give me tips on how to accomplish this, or point me to a
>>> resource that explains how I can accomplish this.
>>>
>>> Thanks for any help
>>>
>>> RichardF
>>>
- Next message: Robbe Morris [C# MVP]: "The problem may be something else if you already use cookieless sessions"
- Previous message: Dominick Baier [DevelopMentor]: "Re: impersonation"
- In reply to: RichardF: "Re: Security issues with Win2003 and ASPNet app"
- Next in thread: RichardF: "Re: Security issues with Win2003 and ASPNet app"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
