IIS setup - Web site running under wrong account?

ScottParker
ScottParker used Ask the Experts™
on
I seem to be having some security issues with a new Web server that I am setting up as a replacement for a current server.
The new server is Windows Server 2008 SP2 32bit.

I added a line of code to both the Old server, and the New server.
 lblUserName.Text = System.Security.Principal.WindowsIdentity.GetCurrent().Name

On the old server,  the returned value is NT AUTHORITY\NETWORK SERVICE  
On the new server, the returned value is mylocaldomain\myusername

I have only a slight understanding of how IIS is setup.
What do I need to look at in order to have the web site run under the Network Service account?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
That info should be able to be found under services.msc.  On the 2008SP2 box, Click the "Log On As" column to sort by service account login name.  See if yours is listed for World Wide Web Publishing or otherwise?

Author

Commented:
Looking there it shows that the log on as "Local System".

Commented:
In the properties of the website, check the Security Tab, Anonymous access.  It should show in there what account is used for anonymous access for that site.  Does it show any differences between the two sites?
Acronis in Gartner 2019 MQ for datacenter backup

It is an honor to be featured in Gartner 2019 Magic Quadrant for Datacenter Backup and Recovery Solutions. Gartner’s MQ sets a high standard and earning a place on their grid is a great affirmation that Acronis is delivering on our mission to protect all data, apps, and systems.

Author

Commented:
They are both set to IUSR.
Paul JacksonSoftware Engineer
Top Expert 2011

Commented:
What version of IIS is on the new server? Is it the same version as the old?
It would seem that on the new server you have identity impersonation set to on either in iis or in your web.config of your website.

see : http://technet.microsoft.com/en-us/library/cc730708(WS.10).aspx
Top Expert 2004

Commented:
If you are using IIS7, check the user assigned to the site's application pool.  

Author

Commented:
Old server = Server 2003   IIS 6
New server = Server 2008 IIS 7

I am not sure how to check the user that is assigned to the site's application pool.
When I go to the "Advanced Settings" of the application pool, the closest thing I see to a user is the "Identity" which is set to NetworkService.
I think this may help:

http://msdn.microsoft.com/en-us/library/aa302377.aspx

Take note of the following line:

Note   With IIS 6.0 running on Windows Server 2003, the identity Matrix works except that the Machine\ASPNET identity is replaced with NT Authority\Network Service.
Paul JacksonSoftware Engineer
Top Expert 2011

Commented:
MAke sure Identity Impersonation is turned off :

Open IIS Manager
In Features View, double-click Authentication.
On the Authentication page, select ASP.NET Impersonation.
In the Actions pane, click Disable to not use ASP.NET Impersonation authentication with the default settings.

Click OK to close the Edit ASP.NET Impersonation Settings dialog box.

Author

Commented:
Turning off ASP.Net impersonation was no help.
That link I gave you shows you all of the different identity objects and the corresponding identities returned for each.  That page contains your only options... and it even tells you that IIS 6 will return a different identity than IIS 7.

As a result, you will have to modify your application to check for the new identity returned.  This all depends on:

1) Your authentication method
2) Your web config settings (impersonation)

Assuming your configurations are correct, you should only have to change:
NT AUTHORITY\NETWORK SERVICE
to
MACHINE\ASPNET

Please refer to that link I posted earlier.  It contains everything you need to know.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial