Re: Security issues with Win2003 and ASPNet app

From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 04/28/05

    Date: Thu, 28 Apr 2005 15:19:24 -0500
    
    

    Did you try logging in to the server with that domain account to be sure
    that you have the credentials right and it can log on locally?

    Joe K.

    "RichardF" <noone@nowhere.com> wrote in message
    news:73g271h1f1l3or2cvpofouc8odl04joh11@4ax.com...
    > The event log says that the identity of my app pool is invalid.
    >
    > I created a domain account on the domain server.
    >
    > On the SQL Server I gave that account the appropriate permissions.
    >
    > On the IIS Server I set the identity of the app pool to use that
    > account.
    >
    > What did I do wrong this time!!!
    >
    > RichardF
    >
    > (P.S. Thanks for the help so far - I am learning more than I thought I
    > wanted to!)
    >
    >
    > On Thu, 28 Apr 2005 12:23:14 -0700, Dominick Baier [DevelopMentor]
    > <dbaier@pleasepleasenospamdevelop.com> wrote:
    >
    >>Hello RichardF,
    >>
    >>check the event log! that's most of the time a password typo.
    >>
    >>but the system log will give you more info.
    >>
    >>otherwise change the default apppool back to network service - and try
    >>adding a new one and gradually migrating your web apps to this new pool.
    >>
    >>HTH
    >>
    >>---------------------------------------
    >>Dominick Baier - DevelopMentor
    >>http://www.leastprivilege.com
    >>
    >>> Actually it appears I now get Service Unavailable whenever I try to
    >>> access IIS on that machine, even the default root website.
    >>>
    >>> On Thu, 28 Apr 2005 14:10:53 -0500, RichardF <noone@nowhere.com>
    >>> wrote:
    >>>
    >>>> After installing my web service and web site, they had already been
    >>>> added to a default App Pool.
    >>>>
    >>>> I right clicked the app pool, went to the identity tab and changed it
    >>>> to use the domain user account I have created.
    >>>>
    >>>> Then I added that domain user account to the IIS_WPG group.
    >>>>
    >>>> When I try to access the web site/service from IE on another machine
    >>>> I see my initial logon page but after entering a username/password IE
    >>>> displays a Service Unavailable message.
    >>>>
    >>>> Before I made the changes above, I would get an error indicating that
    >>>> SQL had denied me access.
    >>>>
    >>>> Did I miss something?
    >>>>
    >>>> RichardF
    >>>>
    >>>> On Thu, 28 Apr 2005 08:26:20 -0700, Dominick Baier [DevelopMentor]
    >>>> <dbaier@pleasepleasenospamdevelop.com> wrote:
    >>>>
    >>>>> Hello RichardF,
    >>>>>
    >>>>> you can configure the identity of your web service using the
    >>>>> Application Pool feature of IIS6.
    >>>>>
    >>>>> Add a new AppPool - give it an identity (local or domain) - and add
    >>>>> the web service application to the AppPool (WebApp properties)
    >>>>>
    >>>>> Add the account to IIS_WPG and give it access to
    >>>>> \windows\microsoft.net\framework\v\temporary asp.net files\ and
    >>>>> \windows\temp
    >>>>>
    >>>>> HTH
    >>>>>
    >>>>> ---------------------------------------
    >>>>> Dominick Baier - DevelopMentor
    >>>>> http://www.leastprivilege.com
    >>>>>> I have an ASP.NET Web Service and Web Site. It accesses a SQL
    >>>>>> database for its data and retrieves images from another server.
    >>>>>>
    >>>>>> There are 4 servers all running Win 2003 as follows...
    >>>>>>
    >>>>>> 1 - Domain Controller
    >>>>>> 2 - SQL Server
    >>>>>> 3 - IIS Server (runs Web Service and Web Site)
    >>>>>> 4 - File Server (stores all the image files)
    >>>>>>
    >>>>>> I am having lots of issues with permissions because my Web Service is
    >>>>>> running as a user under a LOCAL group IIS_WPG on the IIS Server and I
    >>>>>> don't know how to give it the necessary permissions to access the SQL
    >>>>>> Server and the Images on different machines.
    >>>>>>
    >>>>>> I think what I need to do is create a Domain Account, give it the
    >>>>>> appropriate permissions and then somehow get my Web Service to run
    >>>>>> using that user account. I did try this using 'impersonate' but
    >>>>>> then it appeared I didn't have permission to run ASP.NET stuff!
    >>>>>>
    >>>>>> Can anyone give me tips on how to accomplish this, or point me to a
    >>>>>> resource that explains how I can accomplish this.
    >>>>>>
    >>>>>> Thanks for any help
    >>>>>>
    >>>>>> RichardF
    >>>>>>
    >>
    >>
    >
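
The checks and grants discussed in this thread, collected as a batch file. This is an added example, not part of any poster's message. `EXAMPLE\svc_webapp`, `ExamplePool` and the `vX.Y.Z` framework directory are placeholders, and granting Change-level (`C`) access is an assumption, since the thread only says "give it access".

```bat
@echo off
rem Added example, not from the thread. Run on the IIS 6 server as an administrator.
rem ACCOUNT, POOL and FXDIR are placeholders: substitute your own values.
setlocal
set "ACCOUNT=EXAMPLE\svc_webapp"
set "POOL=ExamplePool"
rem The thread elides the framework version; point FXDIR at the installed directory.
set "FXDIR=%windir%\Microsoft.NET\Framework\vX.Y.Z"
set "ADSUTIL=%SystemDrive%\Inetpub\AdminScripts\adsutil.vbs"

rem 1. Confirm the password is right and the account can log on locally.
rem    runas prompts for the password and opens a console as that account.
rem    Error 1326 = unknown user name or bad password;
rem    error 1385 = the requested logon type is not granted on this computer.
runas /user:%ACCOUNT% "cmd /k whoami"

rem 2. Put the account in the local worker process group.
net localgroup IIS_WPG "%ACCOUNT%" /add

rem 3. Grant access to the two directories named in the thread.
rem    /E edits the existing ACL instead of replacing it; /T recurses.
rem    Change (C) is an assumed permission level.
cacls "%FXDIR%\Temporary ASP.NET Files" /T /E /G %ACCOUNT%:C
cacls "%windir%\Temp" /E /G %ACCOUNT%:C

rem 4. Read back what the pool is actually configured with.
rem    AppPoolIdentityType 3 means "specific user"; 2 is Network Service.
cscript //nologo "%ADSUTIL%" GET W3SVC/AppPools/%POOL%/AppPoolIdentityType
cscript //nologo "%ADSUTIL%" GET W3SVC/AppPools/%POOL%/WamUserName

rem 5. Show the ten most recent W3SVC entries from the System log,
rem    where an invalid app pool identity is reported.
cscript //nologo "%windir%\system32\eventquery.vbs" /L System /FI "Source eq W3SVC" /R 10 /V
endlocal
```

The script only reads the pool identity back; the password is still entered on the app pool's Identity tab so that it never appears on a command line or in a script file.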

