ASPNET account for windows 2000 server

[Guest]

I am trying to setup ASPNET account for .NET application to access database
(SQL Server 2000) by
aspnet_regiis -i in the directory C:\WINNT\Microsoft.NET\Framework\v1.1.4322

After running it, I got a successful installed information. But I can not
find this account in Active Directory.

The authentication uses Active Directory.

David

 

[Norman Yuan]

ASPNET account is an account local to the IIS server where your APS.NET
application runs.

 

[Steve]

The ASPNET account is added to the local user database, not Active
Directory. You'll need to manually add it yourself if you want it to
have AD credentials, although you might be better off using
impersonation, since you have Windows Authentication enabled. Better
security, in my opinion.


Steve C.
MCAD,MCSE,MCP+I,CNE,CNA,CCNA

 

[Guest]

All user accounts in my server in Active Directory User and Computers.

My system is small business 2000 server.

David

 

[Guest]

About the local Users and Groups in my server:
I go to My Computer, and Manage and click on Local Users and Groups. I have
the following message:
The computer is a domain controller. This snap-in cannot be used on a domain
controller. Domain accounts are managed with the Active Directory Users and
Computers snap-in.

Dabin

 

[Norman Yuan]

If your server is also domain controller, then there would be no local user
account. If you have to run your ASP.NET application on this server, you
need to some special configuration. Search MS Knowledge Base, there are a
few articles on running IIS/ASP.NET apps on domain controller. such as:

http://support.microsoft.com/kb/315158

and

http://msdn2.microsoft.com/en-us/library/aa579070.aspx

 

[Juan T. Llibre]

re:
!> All user accounts in my server in Active Directory User and Computers.

The local accounts aren't added to Active Directory.
You can add it manually, or take the advice to impersonate.

I'd impersonate any existing AD account, and give it
the necessary directory permissions, if I were you.

Here's a guideline for doing this for the .Net Framework 1.1 :

http://msdn2.microsoft.com/en-us/library/kwzs111e(vs.71).aspx

 

[Guest]

Thank you, Norman and Steve.

I will read them and then reply to you.

David

 

[Juan T. Llibre]

re:
!> If your server is also domain controller
!> If you have to run your ASP.NET application on this server
!> running IIS/ASP.NET apps on domain controller

Definitely not recommended.

 

[Norman Yuan]

For many small offices, they may not have the luxury to have another
computer to run web apps. A server may have to do everythihng: domain
controller, file/print server, and even exchange, IIS and SQL Server... all
on single server. That is why the OP mentions "Small business server".

 

[Juan T. Llibre]

re:
!> For many small offices, they may not have the luxury to have another computer to run web apps.

I know that. It's still not *recommended*.
The problem is that a security breach would compromise the whole domain.

The way to go about it is to create a custom account to run ASP.NET,
and give that account only the security rights it needs to run ASP.NET
so that a security breach edoesn't compromise the domain, but only the
system areas where the ASP.NET account has permissions to.

That's why I suggested, earlier, that :

!> I'd impersonate any existing AD account, and give it
!> the necessary directory permissions, if I were you.

!> Here's a guideline for doing this for the .Net Framework 1.1 :

!> http://msdn2.microsoft.com/en-us/library/kwzs111e(vs.71).aspx

An ad-hoc account, created especially for that purpose, would work just as well.