IIS - asp.net worker process permissions

Asked By Mrwhitey

19-Mar-07 11:28 AM

This is a sub problem from a previous post but help with just this
would be great!

In IIS 6.0 on W2003, the NETWORK SERVICE runs the ASPNET_WP however,
all folders in IIS only show the users SYSTEM, CREATOR OWNER,
Administrators and Users. Asp.net still runs fine unless you remove
Users which causes it to throw a 'failed to start monitoring file
changes'  error.

So if I add NETWORK SERVICE, this fixes the problem but all domain
users and authenticated users are able to view the page even though
nothing explicitely allowing them to do so is switched on. I have
anonymous disabled and Windows Authentication enabled.

Can anyone help explain why the NETWORK SERVICE account would give all
domain users access to folders and how I go about disallowing all
domain users by default except ones in certain groups?

Thanks

IIS Discussions

ASP.NET
(1)

IIS
(1)

SERVICE
(1)

NETWORK
(1)

ASP
(1)

NET
(1)

ASPNET_WP
(1)

ThanksHi
(1)

Ken Schaefer replied...

25-Mar-07 08:50 PM

Hi,

If you merely set Windows Authentication in ASP.NET, then users are required
to authenticate using valid Windows credentials. However ASP.NET itself is
still running as Network Service, and Network Service has permissions to the
files/folders on the disk.

If you wish to ensure that the authenticating users are *authorised*
(authorization is a different concept to authentication) to read the
file/folder, then enable <identity impersonate="true" /> in your web.config.
This forces ASP.NET to impersonate the authenicating user, and their
username will be checked against the NTFS ACLs on the files/folders in
question.

Cheers
Ken

Previous Discussion: IIS6 resource kit unattended installation

ASP access to Data on Remote devices IIS

ASP access to Data on Remote devices IIS Good Morning Folks I have a LAN Among the several connections to it are the following four devices: A MAXSTOR network Storage Device A PC running Microsoft Windows 2000 Server 5.0.2195 (SP4) A PC running Microsoft Windows XP Professional 5.1.2600 (SP2) All of the PCs are running IIS The 'Public Internet' is connected via a Broadband connection from the LAN On the MAXSTOR language how to do it ?? = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = By the way, I tried to create Virtual Folders using IIS Admin on the three PCs on the LAN, but it will not allow it for Remote' folders. I await your replies with interest Thank You in Advance Pete (Northolt UK) IIS ASP Discussions ADODB.Connection (1) Windows XP (1) Windows 2003 Server (1) Active Directory (1) Windows Server (1) Scripting.FileSystemObject (1) Server.CreateObject (1) ASP.NET (1) Whether it is morning depends on a) when the reader reads the message

Vista IIS7 Add Web Site Test Connection Failing IIS

Vista IIS7 Add Web Site Test Connection Failing IIS I'm using IIS Manager. Add Web Site is failing Test Connection because Authorization to the physical path apparently keeps failing. If IIS Manager is being used to Add a new Web Site located in Vista's My physical path folder what do I have to do to ensure Test Connection will pass? IIS Discussions Vista (1) Application Pool (1) ASP.NET (1) IIS (1) XP (1) LocalSystem (1) TestWeb1 (1) Identity (1) 1) Are you using Run As Administrator on the IIS Manager short-cut? 2) Does the physical path / directory have a user account on the

Integrated Windows Authentication - Double Hits IIS

Integrated Windows Authentication - Double Hits IIS Looking at the IIS 6 log files we have noticed that for every click a user makes for a performance hit for the server and especially for high latency networks! Can anything be done? IIS Discussions AuthPersistNonNTLM (1) IIS 6.0 (1) ASP.NET (1) IIS 7.0 (1) IIS (1) AuthPersistSingleRequest (1) EnableKerbAuthPersist (1) AuthPersistence (1) In IIS manager open the properties dialog of

New problem IIS

New problem IIS I'm trying to build a hit counter that does what I want using an posted this in the wrong group then please direct me to the right one Thanks IIS ASP Discussions Request.FilePath.LastIndexOf (1) ADODB.Recordset (1) Request.FilePath.Remove (1) Windows Server 2003 (1) Server.CreateObject (1) Server.MapPath (1) ASP.NET (1) ADO.NET (1) There was no way for you to know it (except maybe the previous questions before posting yours - always a recommended practice), but this is a classic asp newsgroup. ASP.Net is a different technology from classic ASP. While you may be lucky enough to find

Security headache: accessing a DCOM server from ASP.NET IIS

Security headache: accessing a DCOM server from ASP.NET IIS Hi, I have a ASP.NET 3.5 web server that accesses a DCOM server. When the ASP.NET application is deployed on Windows XP, I give the ASPNET user access permission to the DCOM server using DCOM config. The web application works well. The problem is when the ASP.NET application is deployed on Windows 2003 Server. In this case I give to the