RE: ASP.NET Fixed Identity Impersonation

From: ADavis (ADavis_at_discussions.microsoft.com)
Date: 07/19/05


Date: Mon, 18 Jul 2005 18:36:01 -0700

We haven't upgraded to IIS 6.0 and I don't know when that will take place. I
was under the impression that running each website in its own pool would
degrade the performance of the server? I'll do some research on what you
suggested and pitch it to my manager. Thanks.

"Dominick Baier [DevelopMentor]" wrote:

> Hello ADavis,
>
> why don't you just use IIS6 and run every application in a distinct application
> pool with a custom identity??
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
> > We have multiple websites (all with their own databases) running on
> > the same web server, since we were using the machine account to
> > connect to the database (impersonation off in the webconfig file) we
> > felt it might be a security risk if the machine account were to become
> > compromised.
> >
> > I read several articles on fixed identity impersonation and encrypting
> > the credentials in the registry and it seemed like the solution. We
> > could still take advantage of connection pooling, but not have the
> > account information in plain text in our webconfig file (connection
> > string).
> >
> > "Dominick Baier [DevelopMentor]" wrote:
> >
> >> Hello ADavis,
> >>
> >> out of curiosity - why do you use fixed identity via config??
> >>
> >> ---------------------------------------
> >> Dominick Baier - DevelopMentor
> >> http://www.leastprivilege.com
> >>
> >>> Also, I just wanted to add that the machine.config file is
> >>> configured to use impersonation as well on both servers (this is
> >>> from our development server):
> >>>
> >>> <identity impersonate="true" userName="domain\servername_ASPNET"
> >>> password="*******!"/>
> >>>
> >>> "ADavis" wrote:
> >>>
> >>>> We have a development web server (Windows 2000 Server) and a
> >>>> production web server (Windows 2000 Server) both are running IIS
> >>>> 5.0 and have the .NET Framework 1.1. We have asp.net fixed
> >>>> identity impersonation running on the development server and it's
> >>>> fine. We moved the website to the production server and we're
> >>>> getting the following error:
> >>>>
> >>>> Access denied to 'D:\MCJNET\WorkOrderSystems\default.aspx', Failed
> >>>> to start monitoring file changes.
> >>>>
> >>>> Did a search in Google and found this article:
> >>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q317955
> >>>> We followed Method 1 - didn't work.
> >>>>
> >>>> We are reluctant to follow Method 2 because the individual web site
> >>>> folders are set to inherit permission from the parent.
> >>>>
> >>>> Any help will be appreciated.
> >>>>
> >>>> Sincerely,
> >>>>
> >>>> ADavis
> >>>>
>
>
>
>
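
Added example (not part of the thread or any poster's code): a small Python audit that classifies `<identity>` elements like the one quoted above by whether fixed-identity credentials sit in clear text in the config file or are given as `registry:` references, the form used when the credentials are encrypted in the registry. The sample configs, account name and registry key path are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: fixed identity with credentials in clear text.
PLAINTEXT_CONFIG = r"""<configuration>
  <system.web>
    <identity impersonate="true" userName="EXAMPLE\web01_ASPNET"
              password="constructed-placeholder"/>
  </system.web>
</configuration>"""

# Constructed sample: same identity, credentials referenced from the registry
# (the key path is hypothetical), plus a per-site override with impersonation off.
REGISTRY_CONFIG = r"""<configuration>
  <system.web>
    <identity impersonate="true"
      userName="registry:HKLM\SOFTWARE\ExampleApp\identity\ASPNET_SETREG,userName"
      password="registry:HKLM\SOFTWARE\ExampleApp\identity\ASPNET_SETREG,password"/>
  </system.web>
  <location path="Site2">
    <system.web><identity impersonate="false"/></system.web>
  </location>
</configuration>"""

def classify_identity(elem):
    """Classify one <identity> element by how its credentials are stored."""
    if elem.get("impersonate", "false").lower() != "true":
        return "off"
    creds = [elem.get("userName", ""), elem.get("password", "")]
    if not any(creds):
        return "caller"      # impersonates the authenticated caller, no stored secret
    if all(c.lower().startswith("registry:") for c in creds):
        return "registry"
    return "plaintext"       # at least one credential is readable in the file

def audit_config(xml_text):
    """Return [(location_path, classification)] for each <identity> found."""
    root = ET.fromstring(xml_text)
    findings = [("", classify_identity(e))
                for e in root.findall("./system.web/identity")]
    for loc in root.findall("./location"):
        for e in loc.findall("./system.web/identity"):
            findings.append((loc.get("path", ""), classify_identity(e)))
    return findings

if __name__ == "__main__":
    for name, text in (("plaintext", PLAINTEXT_CONFIG), ("registry", REGISTRY_CONFIG)):
        for path, kind in audit_config(text):
            print(f"{name}: location={path or '/'} -> {kind}")
```

Run against each machine.config and web.config on a server, any `plaintext` result marks a file whose read ACL is the only protection for that account's password.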


