Re: Security issues with Win2003 and ASPNet app

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 04/28/05 

Date: Thu, 28 Apr 2005 12:23:14 -0700

Hello RichardF,

check the event log! that's most of the time a password typo.

but the system log will give you more info.

otherwise change the default apppool back to network service - and try adding
a new migrating gradually your web apps to this new pool.

HTH

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Actually it appears I now get Service Unavailable whenever I try to
> access IIS on that machine, even the default root website.
>
> On Thu, 28 Apr 2005 14:10:53 -0500, RichardF <noone@nowhere.com>
> wrote:
>
>> After installing my web service and web site, they had already been
>> added to a default App Pool.
>>
>> I right clicked the app pool, went to the identity tab and changed it
>> to use the domain user account I have created.
>>
>> Then I added that domain user account to the IIS_WPG group.
>>
>> When I try to access the web site/service from IE on another machine
>> I see my initial logon page but after entering a username/password IE
>> displays a Service Unavailable message.
>>
>> Before I made the changes above, I would get an error indicating that
>> SQL had denied me access.
>>
>> Did I miss something?
>>
>> RichardF
>>
>> On Thu, 28 Apr 2005 08:26:20 -0700, Dominick Baier [DevelopMentor]
>> <dbaier@pleasepleasenospamdevelop.com> wrote:
>>
>>> Hello RichardF,
>>>
>>> you can configure the identity of your web service using the
>>> Application Pool feature of IIS6.
>>>
>>> Add a new AppPool - give it an identity (local or domain) - and add
>>> the web service application to the AppPool (WebApp properties)
>>>
>>> Add the account to IIS_WPG and give it access to
>>> \windows\microsoft.net\framework\v\temporary asp.net files\ and
>>> \windows\temp
>>>
>>> HTH
>>>
>>> ---------------------------------------
>>> Dominick Baier - DevelopMentor
>>> http://www.leastprivilege.com
>>>> I have an ASP.NET Web Service and Web Site. It accesses a SQL
>>>> database for its data and retrieves images from another server.
>>>>
>>>> There are 4 servers all running Win 2003 as follows...
>>>>
>>>> 1 - Domain Controller
>>>> 2 - SQL Server
>>>> 3 - IIS Server (runs Web Service and Web Site)
>>>> 4 - File Server (stores all the image files)
>>>> I am having lots of issues with permissions because my Web Service
>>>> is
>>>> running as a user under a LOCAL group IIS_WPG on the IIS Server and
>>>> I
>>>> don't know how to give it the necessary permissions to access the
>>>> SQL
>>>> Server and the Images on different machines.
>>>> I think what I need to do is create a Domain Account, give it the
>>>> appropriate permissions and then somehow get my Web Service to run
>>>> using that user account. I did try this using 'impersonate' but
>>>> then it appeared i didn't have permission to tun ASP.NET stuff!
>>>>
>>>> Can anyone give me tips on how to accomplish this, or point me to a
>>>> resource that explains how I can accomplish this.
>>>>
>>>> Thanks for any help
>>>>
>>>> RichardF
>>>>

Relevant Pages

  • Re: IIS6 + ISAPI Filter + Application Pool Identity problem
    ... AppPool is not marked as disabled. ... to write to Event log, I'm writing to a file and its folder has Everyone ... arrow next to the ISAPI filter when running under User account. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Security issues with Win2003 and ASPNet app
    ... The event log says that the identity of my app pool is invalid. ... On the SQL Server I gave that account the appropriate permissions. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Trouble Publishing .NET App
    ... IWAM_MachineName, LOCAL SERVICE, NETWORK SERVICE & SYSTEM) read/write ... to the correct App Pool for the version of the .Net Framework they're running under. ... The web application you are attempting to access on this web server is ... specific request failure can be found in the application event log of ...
    (microsoft.public.dotnet.framework.aspnet)