"ASP.NET Machine Account" problem

James Wong

Hi,

When I use VB.Net 2005 to develop a web service program, this program
will connect to another domain server.
Therefore, the "ASP.NET Machine Account" does not have permission to access this
server.

Can I change to another domain user instead of the "ASP.NET Machine Account"
for IIS with VB.Net 2005?
Otherwise, is there a good idea to solve my problem?
Thanks!

James
 
Steven Cheng[MSFT]

Hello James,

From your description, when your ASP.NET application (which is running under
the machine\ASPNET account) tries accessing some remote protected resource,
you get a permission issue, correct?

Since your ASP.NET application's worker process account is "MACHINE\ASPNET",
I think your development machine is Windows XP or Windows 2000 with IIS5,
correct?

As for ASP.NET applications, by default all the code runs under the
worker process account, and the default worker process account differs
depending on the OS/IIS version:

** On XP/2000 with IIS5, by default the ASP.NET process (aspnet_wp.exe) runs
under the "machine\ASPNET" account; this can be changed in the machine.config
file (under the framework directory,
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG).

** On Windows 2003 Server with IIS6, ASP.NET uses IIS application pool mode,
and the worker process (w3wp.exe) runs under the "NT AUTHORITY\NETWORK
SERVICE" account.

Here is an MSDN article describing how to check the ASP.NET worker process
identity and how to configure it:


#Configuring ASP.NET Process Identity
http://msdn2.microsoft.com/en-us/library/dwc1xthy.aspx

So for your scenario, where your ASP.NET application will access some protected
remote resource, I think you can consider configuring your ASP.NET
application to use a different process account. This account should be
recognizable by the remote machine and have sufficient permission. It can
be:

** a domain account

** a duplicated local account which has a mapping account (with the same
username and password) on the remote machine

You can decide which one to use according to your detailed condition. Also,
to make sure your custom account has sufficient permission to run an ASP.NET
application, you can follow the MSDN article below:

#How To: Create a Service Account for an ASP.NET 2.0 Application
https://msdn.microsoft.com/library/en-us/dnpag2/html/paght000009.asp?frame=true


In addition, if there is only a small number of pages or code which will
access remote secured resources and you do not want to change the worker
process account for the entire web application (in machine.config), you can
consider programmatically impersonating in your application/page's code.


Here is a good article introducing impersonation in ASP.NET 2.0:


#How To: Use Impersonation and Delegation in ASP.NET 2.0
http://msdn.microsoft.com/library/en-us/dnpag2/html/paght000023.asp?frame=true


You can have a look at the above options. If you have anything unclear or
any other information you wonder about, please feel free to let me know.


Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notifications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================



This posting is provided "AS IS" with no warranties, and confers no rights.
 
James Wong

Hi, I will try it, thx~



 
Steven Cheng[MSFT]

Thanks for your reply James,

Please feel free to let me know if there is any other information you
wonder about.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no rights.
 
