Re: ASP.NET Fixed Identity Impersonation

From: ADavis (ADavis_at_discussions.microsoft.com)
Date: 07/19/05


Date: Mon, 18 Jul 2005 16:14:02 -0700

Yes, we only give exec permission to our stored procedures to the domain
account specifically created for the web application.

"J-T" wrote:

> If you are using a Trusted connection,it means that you don;t specify
> username and password in your connection string then in Sql server side you
> give the appropriate permissions to that domain account,right?
> Thanks
>
> "ADavis" <ADavis@discussions.microsoft.com> wrote in message
> news:02DE37C7-7928-47D1-9D29-B65B07D11EA4@microsoft.com...
> > 1) Yes
> > 2) We are using a domain account
> > 3) Trusted connection.
> >
> > "J-T" wrote:
> >
> >> ADavis,
> >>
> >> WE are doing the same thing ,can I ask you couple of questions?
> >>
> >> 1)Are you using NTLM? for each website?
> >> 2) When you impersonated under a fixed account,Is it a domain account or
> >> a
> >> local account of the webserver?
> >>
> >> 3) How your connection string to the database looks like? I mean is it
> >> using
> >> Trusted Connection or Sql server account?
> >>
> >>
> >> Thanks a lot
> >>
> >> "ADavis" <ADavis@discussions.microsoft.com> wrote in message
> >> news:334A6387-584C-41DE-8D32-EDB11B4F5422@microsoft.com...
> >> > Also, I just wanted to add that the machine.config file is configured
> >> > to
> >> > use
> >> > impersonation as well on both servers (this is from our development
> >> > server):
> >> >
> >> > <identity impersonate="true" userName="domain\servername_ASPNET"
> >> > password="*******!"/>
> >> >
> >> > "ADavis" wrote:
> >> >
> >> >> We have a development web server (Windows 2000 Server) and a
> >> >> production
> >> >> web
> >> >> server (Windows 2000 Server) both are running IIS 5.0 and have the
> >> >> .NET
> >> >> Framework 1.1. We have asp.net fixed identity impersonation running
> >> >> on
> >> >> the
> >> >> development server and it's fine. We moved the website to the
> >> >> production
> >> >> server and we're getting the following error:
> >> >>
> >> >> Access denied to 'D:\MCJNET\WorkOrderSystems\default.aspx', Failed to
> >> >> start
> >> >> monitoring file changes.
> >> >>
> >> >> did a search in Google and found this article:
> >> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q317955
> >> >>
> >> >> We followed Method 1 - didn't work.
> >> >>
> >> >> We are reluctant to follow Method 2 because the individual web site
> >> >> folders
> >> >> are set to inherit permission from the parent.
> >> >>
> >> >> Any help will be appreciated.
> >> >>
> >> >> Sincerely,
> >> >>
> >> >> ADavis
> >>
> >>
> >>
>
>
>