Solved

IIS permissions issues for IUSR guest account

Posted on 2008-10-15
5
3,535 Views
Last Modified: 2008-10-23
I have a website that I moved from the current web host to our in house server.  It utilizes asp pages and Access databases.  When testing, it will not allow the IUSR_Servername internet guest account to access the index.asp page unless I give it WRITE permissions on the wwwroot folder.  Since I wouldn't think that the WRITE permission is generally recommended to give to anonymous users, how do I resolve this issue?  What are the recommended security settings in general for asp pages?
0
Comment
Question by:bleujaegel
5 Comments
 
LVL 1

Accepted Solution

by:
Abh4IT earned 250 total points
ID: 22729378
Hi,

Yes you should not provide write access to anonymous users. What you should do is in your asp page you should authenticate/imporsonate as another user who has enough permissions. When working on ASP.NEt this is better since you can provide required rights to ASPNET user.

Hope this helps
0
 
LVL 2

Author Comment

by:bleujaegel
ID: 22731562
So I should give read to IUSR and write to the ASPNET user and it should work?
0
 
LVL 15

Assisted Solution

by:pcsmitpra
pcsmitpra earned 250 total points
ID: 22731656
Read only for IUSR, If you are running IIS 6 then add NETwork Service and give it Execute access. Add ASPNET in case of IIS5.
0
 
LVL 2

Author Comment

by:bleujaegel
ID: 22779698
I tried the network service with execute (even tried FULL), but page would not display.  I stripped down the permissions to start over, and now I have:

administrators: FULL
IIS_WPG: Read & Execute, List folder contents, and read
Internet Guest Account IUSR_Servername: Read & Execute, List folder contents, read, and write
SYSTEM: FULL
Users: Read & Execute, List folder contents, and read

Still as soon as I take the WRITE permission away from the Internet Guest Account IUSR_Servername, then the .asp page won't display and gives an error.

I like the idea of impersonating a user, so I'll try that next, but don't know the syntax of how to set that up.  I'll give it a google.
0
 
LVL 3

Expert Comment

by:jandelbasanal
ID: 23343925
Kindly check the IIS settings first if you allow or specify execute permissions.You can check also configuration if asp extension has been added.I guess this a security related settings you encountered.

Can you create just a simple asp scripts on other folder?this is just to verify your IIS running fine with asp.Pls do check also folder security permissions on local drive or home folder.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Is it true tt IIS7 can't support TLSv1.2 if OS is on Win2008 1 63
Http hosting redirect issue 2 42
System Analysis 5 57
Web site error 3 36
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now