Re: Security issues with Win2003 and ASPNet app

From: RichardF (noone_at_nowhere.com)
Date: 04/28/05 

Date: Thu, 28 Apr 2005 14:18:11 -0500

Actually it appears I now get Service Unavailable whenever I try to
access IIS on that machine, even the default root website.

On Thu, 28 Apr 2005 14:10:53 -0500, RichardF <noone@nowhere.com>
wrote:

>After installing my web service and web site, they had already been
>added to a default App Pool.
>
>I right clicked the app pool, went to the identity tab and changed it
>to use the domain user account I have created.
>
>Then I added that domain user account to the IIS_WPG group.
>
>When I try to access the web site/service from IE on another machine I
>see my initial logon page but after entering a username/password IE
>displays a Service Unavailable message.
>
>Before I made the changes above, I would get an error indicating that
>SQL had denied me access.
>
>Did I miss something?
>
>RichardF
>
>
>On Thu, 28 Apr 2005 08:26:20 -0700, Dominick Baier [DevelopMentor]
><dbaier@pleasepleasenospamdevelop.com> wrote:
>
>>Hello RichardF,
>>
>>you can configure the identity of your web service using the Application
>>Pool feature of IIS6.
>>
>>Add a new AppPool - give it an identity (local or domain) - and add the web
>>service application to the AppPool (WebApp properties)
>>
>>Add the account to IIS_WPG and give it access to \windows\microsoft.net\framework\v\temporary
>>asp.net files\ and \windows\temp
>>
>>HTH
>>
>>---------------------------------------
>>Dominick Baier - DevelopMentor
>>http://www.leastprivilege.com
>>
>>> I have an ASP.NET Web Service and Web Site. It accesses a SQL
>>> database for its data and retrieves images from another server.
>>>
>>> There are 4 servers all running Win 2003 as follows...
>>>
>>> 1 - Domain Controller
>>> 2 - SQL Server
>>> 3 - IIS Server (runs Web Service and Web Site)
>>> 4 - File Server (stores all the image files)
>>> I am having lots of issues with permissions because my Web Service is
>>> running as a user under a LOCAL group IIS_WPG on the IIS Server and I
>>> don't know how to give it the necessary permissions to access the SQL
>>> Server and the Images on different machines.
>>>
>>> I think what I need to do is create a Domain Account, give it the
>>> appropriate permissions and then somehow get my Web Service to run
>>> using that user account. I did try this using 'impersonate' but then
>>> it appeared i didn't have permission to tun ASP.NET stuff!
>>>
>>> Can anyone give me tips on how to accomplish this, or point me to a
>>> resource that explains how I can accomplish this.
>>>
>>> Thanks for any help
>>>
>>> RichardF
>>>
>>
>>