RE: Who is may ASP.NET app supposed to run as?

Default Accounts:

II5.x (W2K/XP) : ASPNET
IIS6/7 (W2K3 / Vista) : NETWORK SERVICE


-----
Dominick Baier (http://www.leastprivilege.com)

Sorry - and what about Vista - what user is default there?

Cubicle Wars - http://www.windwardreports.com/film.htm

"David Thielen" wrote:

Ok, found the impersonation and set it to false (no idea how that was
ever true).

I am on Windows 2003, not W2K so NETWORK SERVICE is correct then -
yes? And for WinXP?

For W2K the user is ASPNET - is that user used for anything in
Windows 2003 or is it just around because some apps assume it exists
from W2K?

We need to set permissions for our logging directory for the ASP.NET
app so is it ok if we grant permissions to NETWORK SERVICE for
Windows 2003 & XP, and to ASPNET for W2K? SHould that cover any
standard configuration?

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com
Cubicle Wars - http://www.windwardreports.com/film.htm

"Dominick Baier" wrote:

you have client impersonation enabled - this will give you the
behavior you see.

W2K has no NETWORK SERVICE account - this was introduced in XP.

On W2k ASP.NET apps run by default as ASPNET.

-----
Dominick Baier (http://www.leastprivilege.com)
Weirder and weirder - now it shows it running as me. Maybe we have
something wrong in our installer but it looks like we just create
the web application and never set who it runs as.

we are calling aspnet_regiis -ga "NETWORK SERVICE" and
aspnet_regiis -pef connection_string our_app_root_directory.

Any ideas?

Cubicle Wars - http://www.windwardreports.com/film.htm

"David Thielen" wrote:

Hi;

My ASP.NET app (on Windows 2003) is running under IUSR_SERVERNAME.
Is this the correct user for strictest security? I thought best
was "NETWORK SERVICE" or something like that.

And do I need to set this when installing the app? I don't think I
am specifying the user to run under anywhere.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com
Cubicle Wars - http://www.windwardreports.com/film.htm


.

Relevant Pages

  • Re: ASPNET user writing to a subfolder
    ... ASP.NET runs as ASPNET on pre-windows 2003 and NETWORK SERVICE user on ... Then I can't find NETWORK SERVICE user anywhere in the Active Directory ... Users and Computers tool on windows 2003 box. ... When IIS is in anonymous mode, ASP.NET app runs as ASPNET(or NETWORK ...
    (microsoft.public.dotnet.framework.aspnet)
  • Enterprise library connection when dll app created.
    ... I am creating Library (dll) with visual studio. ... When windows app or aspnet app, Use app.config or web.config to put ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: problem with running .aspx files on remote server. Urgent help needed.
    ... If you installed IIS before .Net you need to enable aspnet. ... On Windows Server 2003, this is done by installing ASPNet under Windows Components, on Windows XP, run aspnet_regiis -i where aspnet_regiis.exe is located in ... I am able to run .aspx files on local system, but when I load them to the server, I get the "Server Error in '/' Application" error. ...
    (microsoft.public.dotnet.general)
  • DllImport on framework 1.1, in IIS 6 (Windows Vista)
    ... I have an aspnet 1.1 application that works perfectly on Windows XP, ... When trying on Windows Vista (set application for aspnet 1.1 on IIS), the application crashes Internet Explorer with the message: ... I found that the errors is caused when accessing a method from an external dll. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Access Denied Temporary ASP.NET files
    ... ASPNET, so all the security experiments I was making were ... >SERVICE account, unless you have modified the settings. ... >> I have a web service which is working on a Windows XP ...
    (microsoft.public.dotnet.framework.aspnet.security)