Re: asp/xml security problem in IIS
From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 12/05/02
- Next message: TM: "Logon Locally and Port 443"
- Previous message: Karl Levinson [x y] mvp: "Re: IIS Essentials ?"
- In reply to: Thomas Deml [Msft]: "Re: asp/xml security problem in IIS"
- Next in thread: jt: "Re: asp/xml security problem in IIS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y] mvp" <levinson_k@excite.com> Date: Thu, 5 Dec 2002 11:28:13 -0500
Agreed. [...though note that they claimed this used to work, so I'm
assuming the correct accounts have been set up in the correct places,
although the passwords may no longer be in sync].
"Thomas Deml [Msft]" <thomad@online.microsoft.com> wrote in message
news:uEmFAtDnCHA.1456@TK2MSFTNGP08...
> For this to work you have to do one of the following:
> 1) Use a domain account as anonymous user (the IUSR account is completely
> configurable) and give this domain account rights in SQL Server.
> 2) If you have to use a local account you have to have to not only sync
the
> username between the IIS and the SQL box but also the password.
>
> Hope this helps.
>
> --
> Thomas Deml
> Lead Program Manager
> Internet Information Services
> Microsoft Corp.
>
>
> "Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote in message
> news:#DK9HW7mCHA.968@TK2MSFTNGP09...
> >
> > "jt" <jtingres@comcast.net> wrote in message
> > news:tuSdnURaafHOq3GgXTWcpg@comcast.com...
> > > We have an asp page that uses xml to get information from another
> > database.
> > > The problem is since we did some microsoft updates, only
administrators
> on
> > > the box can see the webpage. All other users on the domain can not see
> the
> > > page the xml fails. IUSR has the proper rights on the folder and we
have
> > > lowiis and anoymous checked. Can anyone think of what the problem
could
> > be.
> > > Thanks
> >
> > Well, I suppose you could enable auditing on the web server and/or
> database
> > server. It could be that the account you think is being used is not the
> one
> > being used. As you may know, if the folder containing the .ASP script
is
> > set to Medium or High "Application Isolation" in the IIS MMC, then the
> > IWAM_computername account is being used instead of IUSR.
> >
> > More info:
> >
> > http://securityadmin.info/faq.htm#auditing
> > http://securityadmin.info/faq.htm#iwam
> >
> > Or, it could be that the password for the IUSR account [or whichever
> account
> > is used to access the database] has changed either on the web server
> because
> > the IIS MMC is set to control the password, or on the SQL server because
a
> > SQL or other patch was installed. This would probably be apparrent
after
> > you enable auditing. You could confirm whether this is the case by
trying
> > to log into windows on the web server using the IUSR account and the
> > password you think is assigned to the IUSR account, or by using the
> > ADSUTIL.VBS command to retrieve or set the password for the IUSR or IWAM
> > account in the IIS metabase. More information on using ADSUTIL can be
> found
> > by searching www.microsoft.com/support for the word ADSUTIL.
> >
> >
> >
> >
>
>
- Next message: TM: "Logon Locally and Port 443"
- Previous message: Karl Levinson [x y] mvp: "Re: IIS Essentials ?"
- In reply to: Thomas Deml [Msft]: "Re: asp/xml security problem in IIS"
- Next in thread: jt: "Re: asp/xml security problem in IIS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
