I use a Windows Server 2003 both as domain controller and for test and development - what can I do with ASP.NET machine account?

Posted on 2006-06-27
Last Modified: 2010-04-17

I have put the question in the title.
In my company I have a small network. At this time I can only afford 1 server and must use it for all internal purposes.
For different reasons I need a network with a domain controller.
I also have a production server in a hosting company.
For some time we (I and a few colleauges) have developed only on our own PC's and used the production server for test also.
Simple because all applications were new and because of this we could run our tests on the production server before we published them on their domain addresses.
Now I need my server for development and test before we deploy to the production server.
When I had finished installing IIS and .NET framework 2.0 on the server I created a few websites.
When I wanted to define permissions for the ASP.NET Machine Account on the sites I simple could not find the account.
I tried to search on google and found some stuff about permissions that seemed to be related only to ASP.NET 1.0.  
I have found some material but it is not very clear what I must do.
Can anybody help?
I need to get some test sites up and running so I can run some demonstrations for a couple of new customers so it is a bit urgent.
Question by:JorgenVester
  • 2
  • 2

Expert Comment

ID: 17015069
Security is always difficult:-)

First of all, you need to add some users. You can either use local accounts, which can be added in "computer management", or if you use Active Directory, you can add to the directory.

When it comes to setting up permissions, you have several places to try. First, if you have static asp pages, you can setup file level permission. You can use file explorer to open the folder, and set up security at either user or group level. Second, you can use Authorization Manager in Win2k3 to setup role level security for IIS 6. Third, you can modify web.config to setup permissions on URL etc.

Author Comment

ID: 17015558
Ok. Maybe I made my question too complicated.
And i thinK I should have put it in the ASP.NEt category.
The problem is this: on all other servers and PC's I have worked on an ASP.NET Machine account is added when the .NET framework is installed and the ASP.NET process runs in this context. If I for example need write permissions on folders I give it to this account.
When I do the same on a domain controller the ASP.NET account is nonexistent. So what to do?

Accepted Solution

jeffreyling earned 500 total points
ID: 17115587
You can use other account instead of account. You can set up your web site to "impersonate", or you can use other accounts for the process to run under, such as "network services".

Author Comment

ID: 17116700
thank you.
where do I associate the user and the process?

another question. sorry to bother you with this but my main field is development not networks :-)

do you know if Microsoft have changed the security model for the IIS recently? a very few weeks ago I received a message from one of my customers that her website did not work anymore. she has an old asp-site where I have used an MS Access .mdb-file as database. I knew immediately the reason when I saw the error. The xxx_IUSR must have write permission on the file. It had before and now it was gone. I just put it on again and it worked. then I checked my other sites who are all ASP.NET 2.0 and saw that the permissions were changed too.
It seems that all ASPNET permissions are gone and that the system-account is used instead. Before it was necessary for ASPNET to have write permission on the folders that files were uploaded to. Now it is completely different. Maybe because I use integrated windows security and ASP.NET 2.0. I have leased my own server at a hosting company. I asked one of their support and he checked their own setup on one of their basic .NET-hotels where I have on site and the customer uploads files. Same thing. the system account had the write permissions. And an S-account with a very long name - is it a security update?    

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
java continue statement 10 72
countX 22 70
Arduino EDI - Programming language 3 60
Impossible to extract MSI from new JAVA releases 2 38
This article will show, step by step, how to integrate R code into a R Sweave document
Although it can be difficult to imagine, someday your child will have a career of his or her own. He or she will likely start a family, buy a home and start having their own children. So, while being a kid is still extremely important, it’s also …
An introduction to basic programming syntax in Java by creating a simple program. Viewers can follow the tutorial as they create their first class in Java. Definitions and explanations about each element are given to help prepare viewers for future …
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now