Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP .Net Security (http://www.velocityreviews.com/forums/f62-asp-net-security.html)
-   -   IUSR_COMPUTERNAME vs ASPNET (http://www.velocityreviews.com/forums/t766126-iusr_computername-vs-aspnet.html)

Anatolij 05-21-2004 01:50 PM

IUSR_COMPUTERNAME vs ASPNET
 
Hello people.Sorry for stupid question.But who can exlplain to me difference
between IUSR_COMPUTERNAME and ASPNET account.



Andrea D'Onofrio [MSFT] 05-21-2004 03:29 PM

Re: IUSR_COMPUTERNAME vs ASPNET
 
The first one is an IIS account used for the anonymous authentication, the
second one is an ASP.NET account used for the asp.net worker process.

HtH,
Andrea

--
This posting is provided "AS IS" with no warranties, and confers no rights.

"Anatolij" <lankas73@hotmail.com> wrote in message
news:%23Tfo9JzPEHA.2876@TK2MSFTNGP09.phx.gbl...
> Hello people.Sorry for stupid question.But who can exlplain to me

difference
> between IUSR_COMPUTERNAME and ASPNET account.
>
>




Svein Terje Gaup 05-22-2004 02:08 PM

Re: IUSR_COMPUTERNAME vs ASPNET
 
ASP.NET takes advantage of two layers of security: 1) IIS Security, 2)
ASP.NET Security

You may read about the security model here:
http://aspnet.4guysfromrolla.com/articles/031204-1.aspx

What happens is that first, IIS has to authenticate the user. IIS may be set
to one of several different authentication modes, of which one is
"Anonymous". In old ASP, if you selected this option only, the user would
not be authenticated. All the actions of the user would be done using the
"IUSR_MACHINENAME" account.

In ASP.NET you may still be using the same account if you 1) set
authentication in IIS to use Anonymous, and 2) set the
<impersonation="true"> in web.config.

The default, however is <impersonation="false"> which means the "ASPNET"
user account will be used.

If you want to use integrated windows authentication (acces to the website
is done under the users domain or local windows account), then you should
select "Windows Authentication" in IIS and <authentication mode="windows">
(default setting) in web.config. And you should set <impersonation="true">.

Sincerely
Svein Terje Gaup




All times are GMT. The time now is 09:07 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.