Solved

I use a Windows Server 2003 both as domain controller and for test and development - what can I do with ASP.NET machine account?

Posted on 2006-06-27
6
337 Views
Last Modified: 2010-04-17
Hey

I have put the question in the title.
In my company I have a small network. At this time I can only afford 1 server and must use it for all internal purposes.
For different reasons I need a network with a domain controller.
I also have a production server in a hosting company.
For some time we (I and a few colleauges) have developed only on our own PC's and used the production server for test also.
Simple because all applications were new and because of this we could run our tests on the production server before we published them on their domain addresses.
Now I need my server for development and test before we deploy to the production server.
When I had finished installing IIS and .NET framework 2.0 on the server I created a few websites.
When I wanted to define permissions for the ASP.NET Machine Account on the sites I simple could not find the account.
I tried to search on google and found some stuff about permissions that seemed to be related only to ASP.NET 1.0.  
I have found some material but it is not very clear what I must do.
Can anybody help?
I need to get some test sites up and running so I can run some demonstrations for a couple of new customers so it is a bit urgent.
0
Comment
Question by:JorgenVester
  • 2
  • 2
6 Comments
 
LVL 1

Expert Comment

by:jeffreyling
ID: 17015069
Security is always difficult:-)

First of all, you need to add some users. You can either use local accounts, which can be added in "computer management", or if you use Active Directory, you can add to the directory.

When it comes to setting up permissions, you have several places to try. First, if you have static asp pages, you can setup file level permission. You can use file explorer to open the folder, and set up security at either user or group level. Second, you can use Authorization Manager in Win2k3 to setup role level security for IIS 6. Third, you can modify web.config to setup permissions on URL etc.
0
 

Author Comment

by:JorgenVester
ID: 17015558
Ok. Maybe I made my question too complicated.
And i thinK I should have put it in the ASP.NEt category.
The problem is this: on all other servers and PC's I have worked on an ASP.NET Machine account is added when the .NET framework is installed and the ASP.NET process runs in this context. If I for example need write permissions on folders I give it to this account.
When I do the same on a domain controller the ASP.NET account is nonexistent. So what to do?
 
0
 
LVL 1

Accepted Solution

by:
jeffreyling earned 500 total points
ID: 17115587
You can use other account instead of asp.net account. You can set up your web site to "impersonate", or you can use other accounts for the process to run under, such as "network services".
0
 

Author Comment

by:JorgenVester
ID: 17116700
thank you.
where do I associate the user and the process?

another question. sorry to bother you with this but my main field is development not networks :-)

do you know if Microsoft have changed the security model for the IIS recently? a very few weeks ago I received a message from one of my customers that her website did not work anymore. she has an old asp-site where I have used an MS Access .mdb-file as database. I knew immediately the reason when I saw the error. The xxx_IUSR must have write permission on the file. It had before and now it was gone. I just put it on again and it worked. then I checked my other sites who are all ASP.NET 2.0 and saw that the permissions were changed too.
It seems that all ASPNET permissions are gone and that the system-account is used instead. Before it was necessary for ASPNET to have write permission on the folders that files were uploaded to. Now it is completely different. Maybe because I use integrated windows security and ASP.NET 2.0. I have leased my own server at a hosting company. I asked one of their support and he checked their own setup on one of their basic .NET-hotels where I have on site and the customer uploads files. Same thing. the system account had the write permissions. And an S-account with a very long name - is it a security update?    
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Although it can be difficult to imagine, someday your child will have a career of his or her own. He or she will likely start a family, buy a home and start having their own children. So, while being a kid is still extremely important, it’s also …
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question