Re: Security issues with Win2003 and ASPNet app
From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 04/29/05
- Previous message: Mark A. Richman: "Re: EventLogPermission via caspol.exe"
- In reply to: RichardF: "Re: Security issues with Win2003 and ASPNet app"
Date: Fri, 29 Apr 2005 13:28:14 -0700
Hello RichardF,
make sure the account your worker process runs under has full control to
\windows\microsoft.net\framework\v1.x\temporary asp.net files
\windows\temp
the account is in the IIS_WPG group?
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
> Logging in works OK, the user and password are OK, but I think I
> messed up the password before.
>
> I made sure it is OK now.
>
> So, my web service and web site are in their own app group. Its
> identity is set to the domain user.
>
> Now, when I try to access the web site from the IIS machine (where it
> is hosted) I get a message saying "File or assembly name XXX.dll, or
> one of its dependencies, was not found"
>
> Each time I refresh the page the name XXX.dll changes.
>
> Help!
>
> RichardF
>
> On Thu, 28 Apr 2005 23:00:43 -0700, Dominick Baier [DevelopMentor]
> <dbaier@pleasepleasenospamdevelop.com> wrote:
>
>> Hello Joe,
>>
>> and have you cleared "has to change password on first login" ??
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>> Did you try logging in to the server with that domain account to be
>>> sure that you have the credentials right and it can log on locally?
>>>
>>> Joe K.
>>>
>>> "RichardF" <noone@nowhere.com> wrote in message
>>> news:73g271h1f1l3or2cvpofouc8odl04joh11@4ax.com...
>>>> The event log says that the identity of my app pool is invalid.
>>>>
>>>> I created a domain account on the domain server.
>>>>
>>>> On the SQL Server I gave that account the appropriate permissions.
>>>>
>>>> On the IIS Server I set the identity of the app pool to use that
>>>> account.
>>>>
>>>> What did I do wrong this time!!!
>>>>
>>>> RichardF
>>>>
>>>> (P.S. Thanks for the help so far - I am learning more than I
>>>> thought I wanted to!)
>>>>
>>>> On Thu, 28 Apr 2005 12:23:14 -0700, Dominick Baier [DevelopMentor]
>>>> <dbaier@pleasepleasenospamdevelop.com> wrote:
>>>>
>>>>> Hello RichardF,
>>>>>
>>>>> check the event log! that's most of the time a password typo.
>>>>>
>>>>> but the system log will give you more info.
>>>>>
>>>>> otherwise change the default apppool back to network service - and
>>>>> try adding a new migrating gradually your web apps to this new pool.
>>>>> HTH
>>>>> ---------------------------------------
>>>>> Dominick Baier - DevelopMentor
>>>>> http://www.leastprivilege.com
>>>>>> Actually it appears I now get Service Unavailable whenever I try
>>>>>> to access IIS on that machine, even the default root website.
>>>>>>
>>>>>> On Thu, 28 Apr 2005 14:10:53 -0500, RichardF <noone@nowhere.com>
>>>>>> wrote:
>>>>>>
>>>>>>> After installing my web service and web site, they had already
>>>>>>> been added to a default App Pool.
>>>>>>>
>>>>>>> I right clicked the app pool, went to the identity tab and
>>>>>>> changed it to use the domain user account I have created.
>>>>>>>
>>>>>>> Then I added that domain user account to the IIS_WPG group.
>>>>>>>
>>>>>>> When I try to access the web site/service from IE on another
>>>>>>> machine I see my initial logon page but after entering a
>>>>>>> username/password IE displays a Service Unavailable message.
>>>>>>>
>>>>>>> Before I made the changes above, I would get an error indicating
>>>>>>> that SQL had denied me access.
>>>>>>>
>>>>>>> Did I miss something?
>>>>>>>
>>>>>>> RichardF
>>>>>>>
>>>>>>> On Thu, 28 Apr 2005 08:26:20 -0700, Dominick Baier
>>>>>>> [DevelopMentor] <dbaier@pleasepleasenospamdevelop.com> wrote:
>>>>>>>
>>>>>>>> Hello RichardF,
>>>>>>>>
>>>>>>>> you can configure the identity of your web service using the
>>>>>>>> Application Pool feature of IIS6.
>>>>>>>>
>>>>>>>> Add a new AppPool - give it an identity (local or domain) - and
>>>>>>>> add the web service application to the AppPool (WebApp
>>>>>>>> properties)
>>>>>>>>
>>>>>>>> Add the account to IIS_WPG and give it access to
>>>>>>>> \windows\microsoft.net\framework\v\temporary asp.net files\ and
>>>>>>>> \windows\temp
>>>>>>>>
>>>>>>>> HTH
>>>>>>>>
>>>>>>>> ---------------------------------------
>>>>>>>> Dominick Baier - DevelopMentor
>>>>>>>> http://www.leastprivilege.com
>>>>>>>>> I have an ASP.NET Web Service and Web Site. It accesses a
>>>>>>>>> SQL database for its data and retrieves images from another
>>>>>>>>> server.
>>>>>>>>>
>>>>>>>>> There are 4 servers all running Win 2003 as follows...
>>>>>>>>>
>>>>>>>>> 1 - Domain Controller
>>>>>>>>> 2 - SQL Server
>>>>>>>>> 3 - IIS Server (runs Web Service and Web Site)
>>>>>>>>> 4 - File Server (stores all the image files)
>>>>>>>>>
>>>>>>>>> I am having lots of issues with permissions because my Web
>>>>>>>>> Service is running as a user under a LOCAL group IIS_WPG on the
>>>>>>>>> IIS Server and I don't know how to give it the necessary
>>>>>>>>> permissions to access the SQL Server and the Images on different
>>>>>>>>> machines.
>>>>>>>>>
>>>>>>>>> I think what I need to do is create a Domain Account, give it
>>>>>>>>> the appropriate permissions and then somehow get my Web Service
>>>>>>>>> to run using that user account. I did try this using
>>>>>>>>> 'impersonate' but then it appeared I didn't have permission to
>>>>>>>>> run ASP.NET stuff!
>>>>>>>>>
>>>>>>>>> Can anyone give me tips on how to accomplish this, or point me
>>>>>>>>> to a resource that explains how I can accomplish this.
>>>>>>>>>
>>>>>>>>> Thanks for any help
>>>>>>>>>
>>>>>>>>> RichardF
>>>>>>>>>
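
The two prerequisites named in the reply at the top of this message (IIS_WPG membership, and rights on the Temporary ASP.NET Files and \windows\temp directories) can be audited with a script like the one below. It is an added example, not part of the original thread; the account name `EXAMPLE\svc-webapp` is a hypothetical placeholder, and it assumes PowerShell is installed on the IIS server.

```powershell
# Added example, not from the thread. $Account is a hypothetical placeholder
# for the domain account configured as the application pool identity.
param([string]$Account = 'EXAMPLE\svc-webapp')

$full = [System.Security.AccessControl.FileSystemRights]::FullControl

# 1. Is the account listed in the local IIS_WPG group?
$members = @(net localgroup IIS_WPG) | ForEach-Object { $_.Trim() }
$inGroup = $members -contains $Account
"{0} member of IIS_WPG: {1}" -f $Account, $inGroup

# 2. Directories named in the reply; v1.* matches whichever v1.x is installed.
$fx = Join-Path $env:windir 'Microsoft.NET\Framework'
$dirs = @(Get-ChildItem $fx -Filter 'v1.*' |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object { Join-Path $_.FullName 'Temporary ASP.NET Files' })
$dirs += Join-Path $env:windir 'Temp'

# ACEs considered: the account itself and the local IIS_WPG group.
# Simplification: this is not a full effective-access calculation, and the
# group's ACEs only apply if step 1 reported membership.
$principals = @($Account, "$env:COMPUTERNAME\IIS_WPG")

foreach ($dir in $dirs) {
    if (-not (Test-Path $dir)) { "MISSING  $dir"; continue }
    $aces = @((Get-Acl $dir).Access |
        Where-Object { $principals -contains $_.IdentityReference.Value })
    if ($aces.Count -eq 0) { "NO ACE   $dir"; continue }
    foreach ($ace in $aces) {
        # Report every matching ACE, including Deny entries, and whether it
        # carries the full control the reply asks for.
        $isFull = ($ace.FileSystemRights -band $full) -eq $full
        New-Object PSObject -Property @{
            Path        = $dir
            Identity    = $ace.IdentityReference.Value
            Type        = $ace.AccessControlType
            Rights      = $ace.FileSystemRights
            FullControl = $isFull
        }
    }
}
```

A `MISSING` or `NO ACE` line, or a `Deny` entry for the account, points at the directory to fix before recycling the application pool.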