Re: Anonymous access not working

• Previous message: Tiago Halm: "Re: ASP.NET app permissions"
• In reply to: Mike: "Re: Anonymous access not working"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 10 Jun 2005 21:35:37 +0100

Make sure you only have "Anonymous" set as the Auth for the VDir
(folder/file) you're accessing.
Make sure you add R(ead) access to the anonymous account onto the file
system where the VDir (folder/file) resides.
Do not add the anonymous account to the IIS_WPG. This group is for Worker
Process (AppPools) accounts, and not for Anonymous accounts.
Make sure the account with which you've set the impersonate also has R(ead)
access to the physical file system.

Microsoft's ASP.NET documentation is sometimes outdated regarding ASP.NET
settings when it comes to Win2003/IIS6.
While in WinXP/IIS5.1 non-ASP.NET code runs on inetinfo.exe, ASP.NET code
runs in aspnet_wp.exe. The account with which the only worker process
(aspnet_wp.exe) runs is set in machine.config.

In IIS6, all non-ASP.NET and ASP.NET code run inside the same process(es)
(w3wp.exe). The account with which the worker processes (w3wp.exe) run is
not set in machine.config, but in the AppPools node ... better yet, its set
on the metabase.xml file because Application Pools are now a part of IIS and
not only part of ASP.NET.

The ASPNET account on IIS6, does not "exist" anymore just like it existed in
IIS5.1. In WinXP/IIS5.1, this account is normally used by inetinfo.exe to
launch the aspnet_wp.exe process. Clearly, in Win2003/IIS6 tihs has changed
significantly as explained above. Some settings in machine.config are no
longer part of the overall picture when running ASP.NET in IIS6.

Tiago Halm

"Mike" <announ@tkd.net> wrote in message
news:%23mk%23ix2aFHA.464@TK2MSFTNGP15.phx.gbl...
> Yes, based on the patterns and practices on how to set up a custom account
> to run as ASP.NET. I added my custom account to the IIS_WPG group and
> applied the permissions to that group. In order to have anonymous access,
> who should be in that group besides my custom account?
>
> "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
> news:uyx367waFHA.3364@TK2MSFTNGP09.phx.gbl...
> > Does the IIS_WPG (or Network Sevice, or whatever account ASP.NET is
> > configured to impersonate) have appropriate NTFS permissions to the
actual
> > files on the server's hard disk?
> >
> > Cheers
> > Ken
> >
> > --
> > IIS Blog: www.adopenstatic.com/cs/blogs/ken/
> > Web: www.adopenstatic.com
> >
> >
> > "Mike" <announ@tkd.net> wrote in message
> > news:%238CNr$paFHA.1152@tk2msftngp13.phx.gbl...
> > : All,
> > :
> > : We have a .NET application running on Windows 2003/IIS 6.0. I set up
the
> > : application pool account with the network service account and have
allow
> > : anonymous set for the web site. It is using the iusr machine account.
In
> > : order for us to access data from our SQL Server we impersonate the
> > ASPNET
> > : with a domain account so we can use windows authentication between the
2
> > : servers.
> > :
> > : The problem is that when we try to access the web site, we are
prompted
> > with
> > : a challenge response. Even if I remove the impersonate=true from the
> > : web.config, we still get prompted for user id and password.
> > :
> > : What am I missing?
> > :
> > : Thanks
> > : --
> > : Mike Gasperino
> > : Sr. Software Developer
> > : office: 919-807-2310
> > :
> > :
> >
****************************************************************************
> > : E-mail correspondence to and from this address may be subject to the
> > North
> > : Carolina Public Records Law "NCGS.Ch.132" and may be disclosed to
third
> > : parties
> > :
> >
****************************************************************************
> > :
> > :
> >
> >
>
>

• Previous message: Tiago Halm: "Re: ASP.NET app permissions"
• In reply to: Mike: "Re: Anonymous access not working"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]