Re: Security issues with Win2003 and ASPNet app

From: RichardF (noone_at_nowhere.com)
Date: 04/28/05 

Date: Thu, 28 Apr 2005 14:10:53 -0500

After installing my web service and web site, they had already been
added to a default App Pool.

I right clicked the app pool, went to the identity tab and changed it
to use the domain user account I have created.

Then I added that domain user account to the IIS_WPG group.

When I try to access the web site/service from IE on another machine I
see my initial logon page but after entering a username/password IE
displays a Service Unavailable message.

Before I made the changes above, I would get an error indicating that
SQL had denied me access.

Did I miss something?

RichardF

On Thu, 28 Apr 2005 08:26:20 -0700, Dominick Baier [DevelopMentor]
<dbaier@pleasepleasenospamdevelop.com> wrote:

>Hello RichardF,
>
>you can configure the identity of your web service using the Application
>Pool feature of IIS6.
>
>Add a new AppPool - give it an identity (local or domain) - and add the web
>service application to the AppPool (WebApp properties)
>
>Add the account to IIS_WPG and give it access to \windows\microsoft.net\framework\v\temporary
>asp.net files\ and \windows\temp
>
>HTH
>
>---------------------------------------
>Dominick Baier - DevelopMentor
>http://www.leastprivilege.com
>
>> I have an ASP.NET Web Service and Web Site. It accesses a SQL
>> database for its data and retrieves images from another server.
>>
>> There are 4 servers all running Win 2003 as follows...
>>
>> 1 - Domain Controller
>> 2 - SQL Server
>> 3 - IIS Server (runs Web Service and Web Site)
>> 4 - File Server (stores all the image files)
>> I am having lots of issues with permissions because my Web Service is
>> running as a user under a LOCAL group IIS_WPG on the IIS Server and I
>> don't know how to give it the necessary permissions to access the SQL
>> Server and the Images on different machines.
>>
>> I think what I need to do is create a Domain Account, give it the
>> appropriate permissions and then somehow get my Web Service to run
>> using that user account. I did try this using 'impersonate' but then
>> it appeared i didn't have permission to tun ASP.NET stuff!
>>
>> Can anyone give me tips on how to accomplish this, or point me to a
>> resource that explains how I can accomplish this.
>>
>> Thanks for any help
>>
>> RichardF
>>
>
>

Relevant Pages

  • Re: Security issues with Win2003 and ASPNet app
    ... out how to add a App Pool!) ... how do I then configure permssions on the SQL server ... >> I have an ASP.NET Web Service and Web Site. ... >> don't know how to give it the necessary permissions to access the SQL ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Directory permission for disk I/O from web service
    ... In Win2003 ASP.NET runs under the "NetworkService" user account by default, ... I thought the web service was going to run under the local ASPNET account, so I gave ASPNET permissions, but that didn't work. ...
    (microsoft.public.dotnet.framework.aspnet)
  • How do I change control panel settings for Web Service User Account in XP
    ... I need to change the settings for the default web service user account ... so that sounds go through a sound card rather than the on-board sound. ... I can do this simply when I'm logged in to my own user account by going ... then I can't get to Control Panel and so can't do it the same way. ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: Add User Account with a Password to Admin Group
    ... uncheck the box that would force the user ... this user account on all systems that will be running our web service. ... I realize that this is not the perfect solution to ...
    (microsoft.public.vb.general.discussion)
  • Re: asp.net, web services, and sharepoint object model...
    ... Is your web service folder's web.config set to impersonate the user account? ... > and manage other same kind of tasks on SPS. ...
    (microsoft.public.sharepoint.portalserver.development)