Who is may ASP.NET app supposed to run as?

David Thielen · Dec 30, 2006

Hi;

My ASP.NET app (on Windows 2003) is running under IUSR_SERVERNAME. Is this
the correct user for strictest security? I thought best was "NETWORK SERVICE"
or something like that.

And do I need to set this when installing the app? I don't think I am
specifying the user to run under anywhere.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

David Thielen · Dec 30, 2006

Weirder and weirder - now it shows it running as me. Maybe we have something
wrong in our installer but it looks like we just create the web application
and never set who it runs as.

we are calling aspnet_regiis -ga "NETWORK SERVICE" and aspnet_regiis -pef
connection_string our_app_root_directory.

Any ideas?

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

David Thielen · Dec 30, 2006

oops - and also calling:

aspnet_regiis -s W3SVC/1/ROOT/WindwardPortal

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

Dominick Baier · Dec 31, 2006

you have client impersonation enabled - this will give you the behavior you
see.

W2K has no NETWORK SERVICE account - this was introduced in XP.

On W2k ASP.NET apps run by default as ASPNET.

David Thielen · Dec 31, 2006

Ok, found the impersonation and set it to false (no idea how that was ever
true).

I am on Windows 2003, not W2K so NETWORK SERVICE is correct then - yes? And
for WinXP?

For W2K the user is ASPNET - is that user used for anything in Windows 2003
or is it just around because some apps assume it exists from W2K?

We need to set permissions for our logging directory for the ASP.NET app so
is it ok if we grant permissions to NETWORK SERVICE for Windows 2003 & XP,
and to ASPNET for W2K? SHould that cover any standard configuration?

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

David Thielen · Dec 31, 2006

Sorry - and what about Vista - what user is default there?

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

Dominick Baier · Dec 31, 2006

Default Accounts:

II5.x (W2K/XP) : ASPNET
IIS6/7 (W2K3 / Vista) : NETWORK SERVICE

How to run as in a deamon	7	Aug 24, 2006
How do I tell who my ASP.NET app is running as?	9	Nov 15, 2006
Reading a file in my ASP.NET app	3	Dec 15, 2006
How do I run using Windows Identity (Windows 2003)	1	Dec 31, 2006
Is TabIndex the right way to set the order of controls?	1	Feb 27, 2007
Why is this an invalid password?	3	Nov 28, 2006
How do I get the domain name that a computer is on?	6	Dec 31, 2006
My ASP.NET app won't run - why?	2	Jan 2, 2007

Who is may ASP.NET app supposed to run as?

David Thielen

David Thielen

David Thielen

Dominick Baier

David Thielen

David Thielen

Dominick Baier

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads