I use a Windows Server 2003 both as domain controller and for test and development - what can I do with ASP.NET machine account?

Posted on 2006-06-27
Last Modified: 2010-04-17

I have put the question in the title.
In my company I have a small network. At this time I can only afford 1 server and must use it for all internal purposes.
For different reasons I need a network with a domain controller.
I also have a production server in a hosting company.
For some time we (I and a few colleauges) have developed only on our own PC's and used the production server for test also.
Simple because all applications were new and because of this we could run our tests on the production server before we published them on their domain addresses.
Now I need my server for development and test before we deploy to the production server.
When I had finished installing IIS and .NET framework 2.0 on the server I created a few websites.
When I wanted to define permissions for the ASP.NET Machine Account on the sites I simple could not find the account.
I tried to search on google and found some stuff about permissions that seemed to be related only to ASP.NET 1.0.  
I have found some material but it is not very clear what I must do.
Can anybody help?
I need to get some test sites up and running so I can run some demonstrations for a couple of new customers so it is a bit urgent.
Question by:JorgenVester
  • 2
  • 2

Expert Comment

ID: 17015069
Security is always difficult:-)

First of all, you need to add some users. You can either use local accounts, which can be added in "computer management", or if you use Active Directory, you can add to the directory.

When it comes to setting up permissions, you have several places to try. First, if you have static asp pages, you can setup file level permission. You can use file explorer to open the folder, and set up security at either user or group level. Second, you can use Authorization Manager in Win2k3 to setup role level security for IIS 6. Third, you can modify web.config to setup permissions on URL etc.

Author Comment

ID: 17015558
Ok. Maybe I made my question too complicated.
And i thinK I should have put it in the ASP.NEt category.
The problem is this: on all other servers and PC's I have worked on an ASP.NET Machine account is added when the .NET framework is installed and the ASP.NET process runs in this context. If I for example need write permissions on folders I give it to this account.
When I do the same on a domain controller the ASP.NET account is nonexistent. So what to do?

Accepted Solution

jeffreyling earned 500 total points
ID: 17115587
You can use other account instead of account. You can set up your web site to "impersonate", or you can use other accounts for the process to run under, such as "network services".

Author Comment

ID: 17116700
thank you.
where do I associate the user and the process?

another question. sorry to bother you with this but my main field is development not networks :-)

do you know if Microsoft have changed the security model for the IIS recently? a very few weeks ago I received a message from one of my customers that her website did not work anymore. she has an old asp-site where I have used an MS Access .mdb-file as database. I knew immediately the reason when I saw the error. The xxx_IUSR must have write permission on the file. It had before and now it was gone. I just put it on again and it worked. then I checked my other sites who are all ASP.NET 2.0 and saw that the permissions were changed too.
It seems that all ASPNET permissions are gone and that the system-account is used instead. Before it was necessary for ASPNET to have write permission on the folders that files were uploaded to. Now it is completely different. Maybe because I use integrated windows security and ASP.NET 2.0. I have leased my own server at a hosting company. I asked one of their support and he checked their own setup on one of their basic .NET-hotels where I have on site and the customer uploads files. Same thing. the system account had the write permissions. And an S-account with a very long name - is it a security update?    

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
python sqlite question 11 46
Win10 re-installation, boot problem due to two drives 12 68
issue with sql server integration services 6 88
DHCP Failover Relationship caveats 6 98
Although it can be difficult to imagine, someday your child will have a career of his or her own. He or she will likely start a family, buy a home and start having their own children. So, while being a kid is still extremely important, it’s also …
If you don't know how to downgrade, my instructions below should be helpful.
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now