Re: best practice for accessing a network share from IIS

From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 23 Jul 2007 09:55:26 +0000 (UTC)

You should use UNC paths from ASP.NET (\\server\share)

Network Service appears remotely as MACHINE$ - give this account read ACLs for the share.

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Hello, I have a web application (ASP.NET 2.0) which should allow
authenticated users (via forms authentication) to download files that
are
stored in a network share in the same domain (windows 2000). I am byte
streaming the content of the files so that clients do not connect
directly
to the file server but only to the web server (Windows 2003).
The "network service" user (the default one for IIS 6) does not have
right
to access network shares so I need to know which is the best way (the
one
with the least privilege) to configure the security settings for the
application to work correctly.
Thank you, Paolo

Follow-Ups:
- Re: best practice for accessing a network share from IIS
  - From: Paolo Liverani

References:
- best practice for accessing a network share from IIS
  - From: Paolo Liverani

Prev by Date: best practice for accessing a network share from IIS
Next by Date: Re: User objects cannot be created in the specified container
Previous by thread: best practice for accessing a network share from IIS
Next by thread: Re: best practice for accessing a network share from IIS
Index(es):
- Date
- Thread

Relevant Pages

Re: How do I run using Windows Identity (Windows 2003)
... NETWORK SERVICE is builtin and not listed - if you want to grant access - use that name: ... But I want the ASP.NET app running as whatever user is ... In IIS Authentication Methods I turned Enable anon off and I checked ... Integrated Windows Authentication. ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Error Consuming Web Service from WIndows application when WebService is using Custom Service Acc
... If you are on XP you need to give the ASPNET account access to the ... I am running this windows application on Windows XP Pro. ... I am abletoInvoke this web service from Windows Application ... here Click on Add and find out the NETWORK service user, ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: svchost.exe 6 of them on startup
... Making sure your computer is clean: ... MS-MVP Windows - Shell/User ... svchost.exe = Network Service 4,540k ...
(microsoft.public.windowsxp.general)
Re: best practice for accessing a network share from IIS
... Network Service appears remotely as MACHINE$ - give this account read ACLs ... to the file server but only to the web server (Windows 2003). ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: ASPNET user writing to a subfolder
... The NETWORK SERVICE identity has also been confusing me. ... > ASP.NET runs as ASPNET on pre-windows 2003 and NETWORK SERVICE user on> windows 2003 by default. ... When IIS is in anonymous mode, ASP.NET app runs as ASPNET(or NETWORK ...
(microsoft.public.dotnet.framework.aspnet)