Security Problems in ASP.NET 2.0

[Jaime Stuardo]

Hi all..

Since I installed ASP.NET 2.0, I have a lot of problems concerning Sercurity.

Using default authorization configuration I could develop applications
remotely using VS.NET because I added my network user as part of the VS
developers group in the remote machine.

This way, when I run the application, I cannot call a web service (presented
in the same remote machine) because it says that NETWORK SERVICE doesn't have
permissions.

In order to solve that, I added this piece of code to the web.config file:
<identity impersonate="false"/>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>

This way, pages work (not throwing the same permission error), but I
affected development. When using VS.NET, a popup authenticatin dialog is
shown. I need to authenticate using administrator credentials in order to the
project to load correctly and to allow page modifications. My network user,
besides being in VS developers group, have full access permissions to web
site directories (from wwwroot$ and below), so I don't know what else to
check.

Any help would be greatly appreciated.

Thanks
Jaime