Machine.Config -- ProcessModel vs Impersonation

Discussion in 'ASP .Net Security' started by Wm. Scott Miller, May 24, 2004.

  1. What is the difference between using a username and password in the
    processmodel section vs using one in impersonation in the machine.config
    file? What are the advantages of each and what are the usages of each?

    Thanks for any replies,
    Scott
    Wm. Scott Miller, May 24, 2004
    #1
    1. Advertising

  2. Wm. Scott Miller

    Ken Schaefer Guest

    ProcessModel is the identity of the process itself (eg the aspnetwp.exe
    process)

    Impersonation is the account that should be used (Impersonated) by ASPNET to
    access resources (eg read an .aspx file off the hard disk)when requests come
    in.

    Cheers
    Ken

    "Wm. Scott Miller" <> wrote in
    message news:...
    : What is the difference between using a username and password in the
    : processmodel section vs using one in impersonation in the machine.config
    : file? What are the advantages of each and what are the usages of each?
    :
    : Thanks for any replies,
    : Scott
    :
    :
    Ken Schaefer, May 25, 2004
    #2
    1. Advertising

  3. So which would be better to use for database access? Both work for what I'm
    doing, but I'm concerned because I'm new to ASP.NET. Which is better for
    this type of thing? What are the advantages and disadvanages of each one in
    relation to database access and network share access etc? What I'm most
    confused about is both appear to work for both of my needed tasks, so why
    have two ways to do it? Are there real advantages and disadvantages to each
    or are they equivalent?

    From what I understand, both would be of no consequence should the machine
    become compromised, even when using the "secure" ASPNET_SETREG utility to
    store the Identity information and the integrated IIS 6.0 worker process
    username/password pair (or using the same utility for IIS 5.x in the
    ProcessModel section of the machine.config). Reason is that these are
    stored using encryption based on the machine. Once you are in the machine,
    you can decrypt from the registry.

    So which one makes it most secure/more difficult to crack?

    Thanks for the reply!

    Scott

    "Ken Schaefer" <> wrote in message
    news:...
    > ProcessModel is the identity of the process itself (eg the aspnetwp.exe
    > process)
    >
    > Impersonation is the account that should be used (Impersonated) by ASPNET

    to
    > access resources (eg read an .aspx file off the hard disk)when requests

    come
    > in.
    >
    > Cheers
    > Ken
    >
    > "Wm. Scott Miller" <> wrote in
    > message news:...
    > : What is the difference between using a username and password in the
    > : processmodel section vs using one in impersonation in the machine.config
    > : file? What are the advantages of each and what are the usages of each?
    > :
    > : Thanks for any replies,
    > : Scott
    > :
    > :
    >
    >
    Wm. Scott Miller, May 25, 2004
    #3
  4. Wm. Scott Miller

    Ken Schaefer Guest

    Hi,

    You do not get a choice between which to use. :)

    If you configure impersonation, then that is the account that will be
    "impersonated" by ASP.NET for the purpose of accessing resources. Otherwise,
    it will use the process identity. The process identity is ASPNET for v1.0 on
    Windows 2000, and IWAM_<machinename> for v1.1 on Windows 2000, and the Web
    App Pool's identity on Windows 2003. If these defaults are fine, then there
    is no reason to change them.

    Cheers
    Ken


    "Wm. Scott Miller" <> wrote in
    message news:%...
    : So which would be better to use for database access? Both work for what
    I'm
    : doing, but I'm concerned because I'm new to ASP.NET. Which is better for
    : this type of thing? What are the advantages and disadvanages of each one
    in
    : relation to database access and network share access etc? What I'm most
    : confused about is both appear to work for both of my needed tasks, so why
    : have two ways to do it? Are there real advantages and disadvantages to
    each
    : or are they equivalent?
    :
    : From what I understand, both would be of no consequence should the machine
    : become compromised, even when using the "secure" ASPNET_SETREG utility to
    : store the Identity information and the integrated IIS 6.0 worker process
    : username/password pair (or using the same utility for IIS 5.x in the
    : ProcessModel section of the machine.config). Reason is that these are
    : stored using encryption based on the machine. Once you are in the
    machine,
    : you can decrypt from the registry.
    :
    : So which one makes it most secure/more difficult to crack?
    :
    : Thanks for the reply!
    :
    : Scott
    :
    : "Ken Schaefer" <> wrote in message
    : news:...
    : > ProcessModel is the identity of the process itself (eg the aspnetwp.exe
    : > process)
    : >
    : > Impersonation is the account that should be used (Impersonated) by
    ASPNET
    : to
    : > access resources (eg read an .aspx file off the hard disk)when requests
    : come
    : > in.
    : >
    : > Cheers
    : > Ken
    : >
    : > "Wm. Scott Miller" <> wrote in
    : > message news:...
    : > : What is the difference between using a username and password in the
    : > : processmodel section vs using one in impersonation in the
    machine.config
    : > : file? What are the advantages of each and what are the usages of
    each?
    : > :
    : > : Thanks for any replies,
    : > : Scott
    : > :
    : > :
    : >
    : >
    :
    :
    Ken Schaefer, May 26, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Wm. Scott Miller
    Replies:
    3
    Views:
    7,241
    Jim Cheshire [MSFT]
    Jun 1, 2004
  2. Matt Hasselback

    processModel in web.config

    Matt Hasselback, May 24, 2004, in forum: ASP .Net
    Replies:
    4
    Views:
    11,357
    Dharmesh
    Jun 23, 2004
  3. Guest
    Replies:
    2
    Views:
    160
    Lewis Wang [MSFT]
    Sep 11, 2003
  4. Tim
    Replies:
    0
    Views:
    197
  5. TM

    <processModel>: Impersonation...?

    TM, May 10, 2004, in forum: ASP .Net Security
    Replies:
    1
    Views:
    102
    David Coe, MCP
    May 18, 2004
Loading...

Share This Page