Re: Security issues with Win2003 and ASPNet app
From: RichardF (noone_at_nowhere.com)
Date: 04/29/05
- Next message: Mark A. Richman: "Re: EventLogPermission via caspol.exe"
- Previous message: Reza: "Adding a cross domain user to AzMan"
- In reply to: Dominick Baier [DevelopMentor]: "Re: Security issues with Win2003 and ASPNet app"
- Next in thread: Dominick Baier [DevelopMentor]: "Re: Security issues with Win2003 and ASPNet app"
- Reply: Dominick Baier [DevelopMentor]: "Re: Security issues with Win2003 and ASPNet app"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 29 Apr 2005 12:16:39 -0500
Logging in works OK, the user and password are OK, but I think I
messed up the password before.
I made sure it is OK now.
So, my web service and web site are in their own app group. It's
identity is set to the domain user.
Now, when I try to access the web site from the IIS machine (where it
is hosted) I get a message saying "File or assembly name XXX.dll, or
one of its dependencies, was not found"
Each time i refresh the page the name XXX.dll changes.
Help!
RichardF
On Thu, 28 Apr 2005 23:00:43 -0700, Dominick Baier [DevelopMentor]
<dbaier@pleasepleasenospamdevelop.com> wrote:
>Hello Joe,
>
>and have you cleared "has to change password on first login" ??
>
>---------------------------------------
>Dominick Baier - DevelopMentor
>http://www.leastprivilege.com
>
>> Did you try logging in to the server with that domain account to be
>> sure that you have the credentials right and it can log on locally?
>>
>> Joe K.
>>
>> "RichardF" <noone@nowhere.com> wrote in message
>> news:73g271h1f1l3or2cvpofouc8odl04joh11@4ax.com...
>>
>>> The event log says that the identity of my app pool is invalid.
>>>
>>> I created a domain account on the domain server.
>>>
>>> On the SQL Server I gave that account the appropriate permissions.
>>>
>>> On the IIS Server I set the identity of the app pool to use that
>>> account.
>>>
>>> What did I do wrong this time!!!
>>>
>>> RichardF
>>>
>>> (P.S. Thanks for the help so far - I am learning more that I thought
>>> I wanted to!)
>>>
>>> On Thu, 28 Apr 2005 12:23:14 -0700, Dominick Baier [DevelopMentor]
>>> <dbaier@pleasepleasenospamdevelop.com> wrote:
>>>
>>>> Hello RichardF,
>>>>
>>>> check the event log! that's most of the time a password typo.
>>>>
>>>> but the system log will give you more info.
>>>>
>>>> otherwise change the default apppool back to network service - and
>>>> try
>>>> adding
>>>> a new migrating gradually your web apps to this new pool.
>>>> HTH
>>>>
>>>> ---------------------------------------
>>>> Dominick Baier - DevelopMentor
>>>> http://www.leastprivilege.com
>>>>> Actually it appears I now get Service Unavailable whenever I try to
>>>>> access IIS on that machine, even the default root website.
>>>>>
>>>>> On Thu, 28 Apr 2005 14:10:53 -0500, RichardF <noone@nowhere.com>
>>>>> wrote:
>>>>>
>>>>>> After installing my web service and web site, they had already
>>>>>> been added to a default App Pool.
>>>>>>
>>>>>> I right clicked the app pool, went to the identity tab and changed
>>>>>> it to use the domain user account I have created.
>>>>>>
>>>>>> Then I added that domain user account to the IIS_WPG group.
>>>>>>
>>>>>> When I try to access the web site/service from IE on another
>>>>>> machine I see my initial logon page but after entering a
>>>>>> username/password IE displays a Service Unavailable message.
>>>>>>
>>>>>> Before I made the changes above, I would get an error indicating
>>>>>> that SQL had denied me access.
>>>>>>
>>>>>> Did I miss something?
>>>>>>
>>>>>> RichardF
>>>>>>
>>>>>> On Thu, 28 Apr 2005 08:26:20 -0700, Dominick Baier [DevelopMentor]
>>>>>> <dbaier@pleasepleasenospamdevelop.com> wrote:
>>>>>>
>>>>>>> Hello RichardF,
>>>>>>>
>>>>>>> you can configure the identity of your web service using the
>>>>>>> Application Pool feature of IIS6.
>>>>>>>
>>>>>>> Add a new AppPool - give it an identity (local or domain) - and
>>>>>>> add the web service application to the AppPool (WebApp
>>>>>>> properties)
>>>>>>>
>>>>>>> Add the account to IIS_WPG and give it access to
>>>>>>> \windows\microsoft.net\framework\v\temporary asp.net files\ and
>>>>>>> \windows\temp
>>>>>>>
>>>>>>> HTH
>>>>>>>
>>>>>>> ---------------------------------------
>>>>>>> Dominick Baier - DevelopMentor
>>>>>>> http://www.leastprivilege.com
>>>>>>>> I have an ASP.NET Web Service and Web Site. It accesses a SQL
>>>>>>>> database for its data and retrieves images from another server.
>>>>>>>>
>>>>>>>> There are 4 servers all running Win 2003 as follows...
>>>>>>>>
>>>>>>>> 1 - Domain Controller
>>>>>>>> 2 - SQL Server
>>>>>>>> 3 - IIS Server (runs Web Service and Web Site)
>>>>>>>> 4 - File Server (stores all the image files)
>>>>>>>> I am having lots of issues with permissions because my Web
>>>>>>>> Service
>>>>>>>> is
>>>>>>>> running as a user under a LOCAL group IIS_WPG on the IIS Server
>>>>>>>> and
>>>>>>>> I
>>>>>>>> don't know how to give it the necessary permissions to access
>>>>>>>> the
>>>>>>>> SQL
>>>>>>>> Server and the Images on different machines.
>>>>>>>> I think what I need to do is create a Domain Account, give it
>>>>>>>> the
>>>>>>>> appropriate permissions and then somehow get my Web Service to
>>>>>>>> run
>>>>>>>> using that user account. I did try this using 'impersonate' but
>>>>>>>> then it appeared i didn't have permission to tun ASP.NET stuff!
>>>>>>>> Can anyone give me tips on how to accomplish this, or point me
>>>>>>>> to a resource that explains how I can accomplish this.
>>>>>>>>
>>>>>>>> Thanks for any help
>>>>>>>>
>>>>>>>> RichardF
>>>>>>>>
>
>
- Next message: Mark A. Richman: "Re: EventLogPermission via caspol.exe"
- Previous message: Reza: "Adding a cross domain user to AzMan"
- In reply to: Dominick Baier [DevelopMentor]: "Re: Security issues with Win2003 and ASPNet app"
- Next in thread: Dominick Baier [DevelopMentor]: "Re: Security issues with Win2003 and ASPNet app"
- Reply: Dominick Baier [DevelopMentor]: "Re: Security issues with Win2003 and ASPNet app"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
