• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 380
  • Last Modified:

I use a Windows Server 2003 both as domain controller and for test and development - what can I do with ASP.NET machine account?


I have put the question in the title.
In my company I have a small network. At this time I can only afford 1 server and must use it for all internal purposes.
For different reasons I need a network with a domain controller.
I also have a production server in a hosting company.
For some time we (I and a few colleauges) have developed only on our own PC's and used the production server for test also.
Simple because all applications were new and because of this we could run our tests on the production server before we published them on their domain addresses.
Now I need my server for development and test before we deploy to the production server.
When I had finished installing IIS and .NET framework 2.0 on the server I created a few websites.
When I wanted to define permissions for the ASP.NET Machine Account on the sites I simple could not find the account.
I tried to search on google and found some stuff about permissions that seemed to be related only to ASP.NET 1.0.  
I have found some material but it is not very clear what I must do.
Can anybody help?
I need to get some test sites up and running so I can run some demonstrations for a couple of new customers so it is a bit urgent.
  • 2
  • 2
1 Solution
Security is always difficult:-)

First of all, you need to add some users. You can either use local accounts, which can be added in "computer management", or if you use Active Directory, you can add to the directory.

When it comes to setting up permissions, you have several places to try. First, if you have static asp pages, you can setup file level permission. You can use file explorer to open the folder, and set up security at either user or group level. Second, you can use Authorization Manager in Win2k3 to setup role level security for IIS 6. Third, you can modify web.config to setup permissions on URL etc.
JorgenVesterAuthor Commented:
Ok. Maybe I made my question too complicated.
And i thinK I should have put it in the ASP.NEt category.
The problem is this: on all other servers and PC's I have worked on an ASP.NET Machine account is added when the .NET framework is installed and the ASP.NET process runs in this context. If I for example need write permissions on folders I give it to this account.
When I do the same on a domain controller the ASP.NET account is nonexistent. So what to do?
You can use other account instead of asp.net account. You can set up your web site to "impersonate", or you can use other accounts for the process to run under, such as "network services".
JorgenVesterAuthor Commented:
thank you.
where do I associate the user and the process?

another question. sorry to bother you with this but my main field is development not networks :-)

do you know if Microsoft have changed the security model for the IIS recently? a very few weeks ago I received a message from one of my customers that her website did not work anymore. she has an old asp-site where I have used an MS Access .mdb-file as database. I knew immediately the reason when I saw the error. The xxx_IUSR must have write permission on the file. It had before and now it was gone. I just put it on again and it worked. then I checked my other sites who are all ASP.NET 2.0 and saw that the permissions were changed too.
It seems that all ASPNET permissions are gone and that the system-account is used instead. Before it was necessary for ASPNET to have write permission on the folders that files were uploaded to. Now it is completely different. Maybe because I use integrated windows security and ASP.NET 2.0. I have leased my own server at a hosting company. I asked one of their support and he checked their own setup on one of their basic .NET-hotels where I have on site and the customer uploads files. Same thing. the system account had the write permissions. And an S-account with a very long name - is it a security update?    
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now