Machine.Config -- ProcessModel vs Impersonation

W

Wm. Scott Miller

What is the difference between using a username and password in the
processmodel section vs using one in impersonation in the machine.config
file? What are the advantages of each and what are the usages of each?

Thanks for any replies,
Scott
 
K

Ken Schaefer

ProcessModel is the identity of the process itself (eg the aspnetwp.exe
process)

Impersonation is the account that should be used (Impersonated) by ASPNET to
access resources (eg read an .aspx file off the hard disk)when requests come
in.

Cheers
Ken

message : What is the difference between using a username and password in the
: processmodel section vs using one in impersonation in the machine.config
: file? What are the advantages of each and what are the usages of each?
:
: Thanks for any replies,
: Scott
:
:
 
W

Wm. Scott Miller

So which would be better to use for database access? Both work for what I'm
doing, but I'm concerned because I'm new to ASP.NET. Which is better for
this type of thing? What are the advantages and disadvanages of each one in
relation to database access and network share access etc? What I'm most
confused about is both appear to work for both of my needed tasks, so why
have two ways to do it? Are there real advantages and disadvantages to each
or are they equivalent?

From what I understand, both would be of no consequence should the machine
become compromised, even when using the "secure" ASPNET_SETREG utility to
store the Identity information and the integrated IIS 6.0 worker process
username/password pair (or using the same utility for IIS 5.x in the
ProcessModel section of the machine.config). Reason is that these are
stored using encryption based on the machine. Once you are in the machine,
you can decrypt from the registry.

So which one makes it most secure/more difficult to crack?

Thanks for the reply!

Scott
 
K

Ken Schaefer

Hi,

You do not get a choice between which to use. :)

If you configure impersonation, then that is the account that will be
"impersonated" by ASP.NET for the purpose of accessing resources. Otherwise,
it will use the process identity. The process identity is ASPNET for v1.0 on
Windows 2000, and IWAM_<machinename> for v1.1 on Windows 2000, and the Web
App Pool's identity on Windows 2003. If these defaults are fine, then there
is no reason to change them.

Cheers
Ken


message : So which would be better to use for database access? Both work for what
I'm
: doing, but I'm concerned because I'm new to ASP.NET. Which is better for
: this type of thing? What are the advantages and disadvanages of each one
in
: relation to database access and network share access etc? What I'm most
: confused about is both appear to work for both of my needed tasks, so why
: have two ways to do it? Are there real advantages and disadvantages to
each
: or are they equivalent?
:
: From what I understand, both would be of no consequence should the machine
: become compromised, even when using the "secure" ASPNET_SETREG utility to
: store the Identity information and the integrated IIS 6.0 worker process
: username/password pair (or using the same utility for IIS 5.x in the
: ProcessModel section of the machine.config). Reason is that these are
: stored using encryption based on the machine. Once you are in the
machine,
: you can decrypt from the registry.
:
: So which one makes it most secure/more difficult to crack?
:
: Thanks for the reply!
:
: Scott
:
: : > ProcessModel is the identity of the process itself (eg the aspnetwp.exe
: > process)
: >
: > Impersonation is the account that should be used (Impersonated) by
ASPNET
: to
: > access resources (eg read an .aspx file off the hard disk)when requests
: come
: > in.
: >
: > Cheers
: > Ken
: >
: > message : > : What is the difference between using a username and password in the
: > : processmodel section vs using one in impersonation in the
machine.config
: > : file? What are the advantages of each and what are the usages of
each?
: > :
: > : Thanks for any replies,
: > : Scott
: > :
: > :
: >
: >
:
:
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,743
Messages
2,569,478
Members
44,898
Latest member
BlairH7607

Latest Threads

Top