Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


I use a Windows Server 2003 both as domain controller and for test and development - what can I do with ASP.NET machine account?

Posted on 2006-06-27
Medium Priority
Last Modified: 2010-04-17

I have put the question in the title.
In my company I have a small network. At this time I can only afford 1 server and must use it for all internal purposes.
For different reasons I need a network with a domain controller.
I also have a production server in a hosting company.
For some time we (I and a few colleauges) have developed only on our own PC's and used the production server for test also.
Simple because all applications were new and because of this we could run our tests on the production server before we published them on their domain addresses.
Now I need my server for development and test before we deploy to the production server.
When I had finished installing IIS and .NET framework 2.0 on the server I created a few websites.
When I wanted to define permissions for the ASP.NET Machine Account on the sites I simple could not find the account.
I tried to search on google and found some stuff about permissions that seemed to be related only to ASP.NET 1.0.  
I have found some material but it is not very clear what I must do.
Can anybody help?
I need to get some test sites up and running so I can run some demonstrations for a couple of new customers so it is a bit urgent.
Question by:JorgenVester
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2

Expert Comment

ID: 17015069
Security is always difficult:-)

First of all, you need to add some users. You can either use local accounts, which can be added in "computer management", or if you use Active Directory, you can add to the directory.

When it comes to setting up permissions, you have several places to try. First, if you have static asp pages, you can setup file level permission. You can use file explorer to open the folder, and set up security at either user or group level. Second, you can use Authorization Manager in Win2k3 to setup role level security for IIS 6. Third, you can modify web.config to setup permissions on URL etc.

Author Comment

ID: 17015558
Ok. Maybe I made my question too complicated.
And i thinK I should have put it in the ASP.NEt category.
The problem is this: on all other servers and PC's I have worked on an ASP.NET Machine account is added when the .NET framework is installed and the ASP.NET process runs in this context. If I for example need write permissions on folders I give it to this account.
When I do the same on a domain controller the ASP.NET account is nonexistent. So what to do?

Accepted Solution

jeffreyling earned 2000 total points
ID: 17115587
You can use other account instead of asp.net account. You can set up your web site to "impersonate", or you can use other accounts for the process to run under, such as "network services".

Author Comment

ID: 17116700
thank you.
where do I associate the user and the process?

another question. sorry to bother you with this but my main field is development not networks :-)

do you know if Microsoft have changed the security model for the IIS recently? a very few weeks ago I received a message from one of my customers that her website did not work anymore. she has an old asp-site where I have used an MS Access .mdb-file as database. I knew immediately the reason when I saw the error. The xxx_IUSR must have write permission on the file. It had before and now it was gone. I just put it on again and it worked. then I checked my other sites who are all ASP.NET 2.0 and saw that the permissions were changed too.
It seems that all ASPNET permissions are gone and that the system-account is used instead. Before it was necessary for ASPNET to have write permission on the folders that files were uploaded to. Now it is completely different. Maybe because I use integrated windows security and ASP.NET 2.0. I have leased my own server at a hosting company. I asked one of their support and he checked their own setup on one of their basic .NET-hotels where I have on site and the customer uploads files. Same thing. the system account had the write permissions. And an S-account with a very long name - is it a security update?    

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re thinking to yourself “That description sounds a lot like two people doing the work that one could accomplish,” you’re not alone.
Create a Windows 10 custom Image with custom task bar and custom start menu using XML for deployment.
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …
Introduction to Processes

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question