Scott,
If you set the processModel element, all threads that are executed by
ASP.NET will run under that context. If you set the <identity> element,
the main thread will run under the impersonated identity, but any new
threads you create will run under the identity specific in the
<processModel>. That is one difference that many developers don't realize.
You typically would not set the <identity> element in the machine.config.
Instead, it is most often set at the web.config level. It's important to
realize that you do not have to explicitly set a username and password for
the <identity> element. If you simply enable impersonation without
specifying a user, the identity will be that of the user who is
authenticated in IIS or the anonymous account if none is authorized.
In short, the <processModel> element is used to (among other things)
specify which weak account (preferably) will be used to run the worker
process. The <identity> element is used to specify that ASP.NET code
should be run as a user other than the process account.
Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
(e-mail address removed)
This post is provided "AS-IS" with no warranties and confers no rights.
--------------------
From: "Wm. Scott Miller" <
[email protected]>
Subject: Machine.Config -- ProcessModel vs Identity Impersonation
Date: Mon, 24 May 2004 14:23:32 -0400
Lines: 10
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Message-ID: <#
[email protected]>
Newsgroups: microsoft.public.dotnet.framework.aspnet
NNTP-Posting-Host: ip207064.pat.wvnet.edu 129.71.207.64
Path:
cpmsftngxa10.phx.gbl!TK2MSFTFEED01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP1 1
phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.framework.aspnet:235889
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
What is the difference between using a username and password in the
processmodel section vs using one in impersonation in the machine.config
file? What are the advantages of each and what are the reasons for using
each?
Thanks for any replies,
Scott