Start Free TrialLog in
Avatar of ScottParker
ScottParkerFlag for United States of America

asked on 

IIS setup - Web site running under wrong account?

I seem to be having some security issues with a new Web server that I am setting up as a replacement for a current server.
The new server is Windows Server 2008 SP2 32bit.

I added a line of code to both the Old server, and the New server.
 lblUserName.Text = System.Security.Principal.WindowsIdentity.GetCurrent().Name

On the old server,  the returned value is NT AUTHORITY\NETWORK SERVICE  
On the new server, the returned value is mylocaldomain\myusername

I have only a slight understanding of how IIS is setup.
What do I need to look at in order to have the web site run under the Network Service account?
Web DevelopmentASP.NETWindows Server 2008Web ServersMicrosoft IIS Web Server
Avatar of undefined
Last Comment
Designbyonyx
Avatar of rehamris
rehamris
Flag of United States of America image
That info should be able to be found under services.msc.  On the 2008SP2 box, Click the "Log On As" column to sort by service account login name.  See if yours is listed for World Wide Web Publishing or otherwise?
Avatar of ScottParker
ScottParker
Flag of United States of America image

ASKER

Looking there it shows that the log on as "Local System".

Avatar of rehamris
rehamris
Flag of United States of America image
In the properties of the website, check the Security Tab, Anonymous access.  It should show in there what account is used for anonymous access for that site.  Does it show any differences between the two sites?
Avatar of ScottParker
ScottParker
Flag of United States of America image

ASKER

They are both set to IUSR.
Avatar of Paul Jackson
Paul Jackson
Flag of United Kingdom of Great Britain and Northern Ireland image
What version of IIS is on the new server? Is it the same version as the old?
It would seem that on the new server you have identity impersonation set to on either in iis or in your web.config of your website.

see : http://technet.microsoft.com/en-us/library/cc730708(WS.10).aspx
Avatar of Steve Bink
Steve Bink
Flag of United States of America image
If you are using IIS7, check the user assigned to the site's application pool.  
Avatar of ScottParker
ScottParker
Flag of United States of America image

ASKER

Old server = Server 2003   IIS 6
New server = Server 2008 IIS 7

I am not sure how to check the user that is assigned to the site's application pool.
When I go to the "Advanced Settings" of the application pool, the closest thing I see to a user is the "Identity" which is set to NetworkService.
Avatar of Designbyonyx
Designbyonyx
Flag of United States of America image
I think this may help:

http://msdn.microsoft.com/en-us/library/aa302377.aspx

Take note of the following line:

Note   With IIS 6.0 running on Windows Server 2003, the identity Matrix works except that the Machine\ASPNET identity is replaced with NT Authority\Network Service.
Avatar of Paul Jackson
Paul Jackson
Flag of United Kingdom of Great Britain and Northern Ireland image
MAke sure Identity Impersonation is turned off :

Open IIS Manager
In Features View, double-click Authentication.
On the Authentication page, select ASP.NET Impersonation.
In the Actions pane, click Disable to not use ASP.NET Impersonation authentication with the default settings.

Click OK to close the Edit ASP.NET Impersonation Settings dialog box.

Avatar of ScottParker
ScottParker
Flag of United States of America image

ASKER

Turning off ASP.Net impersonation was no help.
ASKER CERTIFIED SOLUTION
Avatar of Designbyonyx
Designbyonyx
Flag of United States of America image
Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
ASP.NET
ASP.NET

The successor to Active Server Pages, ASP.NET websites utilize the .NET framework to produce dynamic, data and content-driven web applications and services. ASP.NET code can be written using any .NET supported language. As of 2009, ASP.NET can also apply the Model-View-Controller (MVC) pattern to web applications

128K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
Ask the experts

  • "Invaluable tool for our organization"

    Josh Regalski

  • "Your help has saved me hundreds of hours of internet surfing."

    @fblack61

  • "Just a dang good service!"

    @golferski

  • "Worth every penny."

    Steve Hougom

  • "It’s been a life saver."

    Maria Halt

  • "Best support site I’ve seen!"

    Bob Schneider

  • "I would be lost without them."

    @fblack61

  • "Saved my job multiple times."

    Walt Forbes

  • "I love this site."

    Maria Duwe

  • "Friendly respectful help."

    Andrew Kowtalo

  • "Such top-notch experts."

    @magento

  • "The best money I have ever spent."

    @rwheeler23

  • "Beyond any comprehensible value"

    George Morris

  • "Invaluable tool for our organization"

    Josh Regalski

Read over 600 more reviews

TRUSTED BY

IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo
© 1996-2023 Experts Exchange, LLC. All rights reserved. Covered by US Patent