ASPNET user

Tumurbaatar S. · Nov 5, 2005

If Windows authentication used to connect to SQL server from ASP.Net
application, a database should be accessible for ASPNET user account.
Yes? But if I map ASPNET user to SQL server and grant it database
access, then other ASP.Net applications can access my database. Yes?
Also, if impersonation is enabled, then ASPNET is not used in this case,
but IUSR_XXX. Yes?

Patrick.O.Ige · Nov 5, 2005

Yes if you use Integrated Windos Auth which is Windoows Auth.
You would use ASPNET acct to access the DB if you add the acct to SQL server
But you need to assign permission to the acct to access your
tables,Stored_prco etc..
If you impersonate then you would be using the acct AS WHO YOU ARE to access
the DB.
Patrick
** **

Tumurbaatar S. · Nov 6, 2005

Thank you!
In case of anonymous users that is IUSR_XXX?

Dominick Baier [DevelopMentor] · Nov 6, 2005

Hello Tumurbaatar S.,

is the database remote or local?
which OS ? 2k or 2k3?

Tumurbaatar S. · Nov 8, 2005

It's a local on XP.

Dominick Baier said:
Hello Tumurbaatar S.,

is the database remote or local?
which OS ? 2k or 2k3?

Dominick Baier [DevelopMentor] · Nov 8, 2005

Hello Tumurbaatar S.,

but this is not your production system, right?

Tumurbaatar S. · Nov 8, 2005

Yes, but, is there any difference between Win2K and WinXP IIS's?
I thought theirs security systems almost identical, at least for web app.

Dominick Baier [DevelopMentor] · Nov 9, 2005

Hello Tumurbaatar S.,

OK -

so with a local database, the ASPNET user account has to have access - this
won't work with a remote database- or you use sql logins.

If you have more than one app,and want distinct identities you have to use
impersonation, IMO this approach is not optimal -

better would be to use IIS6 where you can give apps distinct worker processes
which run under distinct accounts.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Yes, but, is there any difference between Win2K and WinXP IIS's? I
thought theirs security systems almost identical, at least for web
app.

Hello Tumurbaatar S.,

but this is not your production system, right?
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.come i

It's a local on XP.

"Dominick Baier [DevelopMentor]"

Hello Tumurbaatar S.,

is the database remote or local?
which OS ? 2k or 2k3?
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
If Windows authentication used to connect to SQL server from
ASP.Net application, a database should be accessible for ASPNET
user account. Yes? But if I map ASPNET user to SQL server and
grant it database access, then other ASP.Net applications can
access my database. Yes? Also, if impersonation is enabled, then
ASPNET is not used in this case, but IUSR_XXX. Yes?

Click to expand...

Click to expand...

How can ASPNET access the Northwind database	1	Jan 7, 2010
Public ASP.NET app and SQL Server security - best practices?	4	Sep 21, 2008
ASPNET User ID Permissions	1	Apr 5, 2005
User authentication always fails on live server	0	Mar 8, 2007
ASPNET Select permission denied...	3	May 23, 2006
WindowsPrincipal and aspnet user	2	Jan 26, 2006
ASPNET User	6	Nov 16, 2005
"Access is denied" error when running schtasks.exe under ASPNET account in win2k3 server	1	Oct 19, 2004

ASPNET user

Tumurbaatar S.

Patrick.O.Ige

Tumurbaatar S.

Dominick Baier [DevelopMentor]

Tumurbaatar S.

Dominick Baier [DevelopMentor]

Tumurbaatar S.

Dominick Baier [DevelopMentor]

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads