Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Identity of asp_wp.exe

Reply
Thread Tools

Identity of asp_wp.exe

 
 
Przemo Karlikowski
Guest
Posts: n/a
 
      05-01-2007
Hello!

How can I change the identity of asp_wp.exe (Asp.Net 2.0) process on Windows
2000 Server from ASPNET to LocalSystem?
I want to do it to bypass SeTcbPrivelege privelege problem.

Unfortunately, the method of changing asp_wp.exe identity described on
http://msdn2.microsoft.com/en-us/lib...hy(vs.80).aspx does not work.

Thank you in advance.


 
Reply With Quote
 
 
 
 
Juan T. Llibre
Guest
Posts: n/a
 
      05-01-2007
re:
!> Unfortunately, the method of changing asp_wp.exe identity described on
!> http://msdn2.microsoft.com/en-us/lib...hy(vs.80).aspx does not work.

Yes, it does work. I've helped many people set up accounts using those instructions.
You can safely ignore the Application Pool instructions, since W2K doesn't use them.

re:
> How can I change the identity of asp_wp.exe (Asp.Net 2.0) process on Windows 2000 Server from
> ASPNET to LocalSystem?


Are you sure you don't mean the SYSTEM account ?

Besides impersonating the user, per the article :

<system.web>
<processModel enable="true"
userName="System" />
</system.web>

The "System" account doesn't need a password.

Also, that only works in machine.config, not in web.config.

I'd avoid impersonating the ASP.NET process account in machine.config.

You should do it, for a particular application, in web.config :
<identity impersonate="true" userName="accountname" password="password" />

See:
http://support.microsoft.com/default.aspx/kb/306158

Additionally, run
aspnet_regiis -ga "MachineName\Account"

Additionally, make sure the following ACLs are set :
http://msdn2.microsoft.com/en-us/lib...1e(VS.80).aspx

Also, you don't have to run ASP.NET as the SYSTEM account. In fact, you should *avoid* it.
You can run ASP.NET as *any* account you want to, provided you assign the correct permissions.

If you want to go that way ( and you should ), follow the instructions at :
http://msdn2.microsoft.com/en-us/library/ms998297.aspx

....*and* run the steps detailed above.




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en espaņol : http://asp.net.do/foros/
===================================
"Przemo Karlikowski" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hello!
>
> How can I change the identity of asp_wp.exe (Asp.Net 2.0) process on Windows 2000 Server from
> ASPNET to LocalSystem?
> I want to do it to bypass SeTcbPrivelege privelege problem.
>
> Unfortunately, the method of changing asp_wp.exe identity described on
> http://msdn2.microsoft.com/en-us/lib...hy(vs.80).aspx does not work.
>
> Thank you in advance.
>



 
Reply With Quote
 
 
 
 
Przemo Karlikowski
Guest
Posts: n/a
 
      05-01-2007
I already had it in my machine.config:

<system.web>
<processModel enable="true" userName="System" />
</system.web>

I also ran
aspnet_regiis -ga SYSTEM

But instead of killing aspnet_wp.exe I should have restarted whole IIS and
that was the issue.
Now it works.

I'm writing Asp.Net application that manages Windows accounts, and for
several reasons it needs to run on System account.
At least on Windows 2000.


"Juan T. Llibre" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> re:
> !> Unfortunately, the method of changing asp_wp.exe identity described on
> !> http://msdn2.microsoft.com/en-us/lib...hy(vs.80).aspx does not
> work.
>
> Yes, it does work. I've helped many people set up accounts using those
> instructions.
> You can safely ignore the Application Pool instructions, since W2K doesn't
> use them.
>
> re:
>> How can I change the identity of asp_wp.exe (Asp.Net 2.0) process on
>> Windows 2000 Server from ASPNET to LocalSystem?

>
> Are you sure you don't mean the SYSTEM account ?
>
> Besides impersonating the user, per the article :
>
> <system.web>
> <processModel enable="true"
> userName="System" />
> </system.web>
>
> The "System" account doesn't need a password.
>
> Also, that only works in machine.config, not in web.config.
>
> I'd avoid impersonating the ASP.NET process account in machine.config.
>
> You should do it, for a particular application, in web.config :
> <identity impersonate="true" userName="accountname" password="password" />
>
> See:
> http://support.microsoft.com/default.aspx/kb/306158
>
> Additionally, run
> aspnet_regiis -ga "MachineName\Account"
>
> Additionally, make sure the following ACLs are set :
> http://msdn2.microsoft.com/en-us/lib...1e(VS.80).aspx
>
> Also, you don't have to run ASP.NET as the SYSTEM account. In fact, you
> should *avoid* it.
> You can run ASP.NET as *any* account you want to, provided you assign the
> correct permissions.
>
> If you want to go that way ( and you should ), follow the instructions at
> :
> http://msdn2.microsoft.com/en-us/library/ms998297.aspx
>
> ...*and* run the steps detailed above.
>
>
>
>
> Juan T. Llibre, asp.net MVP
> asp.net faq : http://asp.net.do/faq/
> foros de asp.net, en espaņol : http://asp.net.do/foros/
> ===================================



 
Reply With Quote
 
Juan T. Llibre
Guest
Posts: n/a
 
      05-01-2007
re:
> Now it works.


Good news.

re:
!>I already had it in my machine.config:
!> I'm writing Asp.Net application that manages Windows accounts, and for
!> several reasons it needs to run on System account.

As long as you understand that, by putting that in machine.config,
*all* the applications which run on that server will run as the System account.




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en espaņol : http://asp.net.do/foros/
===================================
"Przemo Karlikowski" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
>I already had it in my machine.config:
>
> <system.web>
> <processModel enable="true" userName="System" />
> </system.web>
>
> I also ran
> aspnet_regiis -ga SYSTEM
>
> But instead of killing aspnet_wp.exe I should have restarted whole IIS and that was the issue.
> Now it works.
>
> I'm writing Asp.Net application that manages Windows accounts, and for several reasons it needs to
> run on System account.
> At least on Windows 2000.



> "Juan T. Llibre" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> re:
>> !> Unfortunately, the method of changing asp_wp.exe identity described on
>> !> http://msdn2.microsoft.com/en-us/lib...hy(vs.80).aspx does not work.
>>
>> Yes, it does work. I've helped many people set up accounts using those instructions.
>> You can safely ignore the Application Pool instructions, since W2K doesn't use them.
>>
>> re:
>>> How can I change the identity of asp_wp.exe (Asp.Net 2.0) process on Windows 2000 Server from
>>> ASPNET to LocalSystem?

>>
>> Are you sure you don't mean the SYSTEM account ?
>>
>> Besides impersonating the user, per the article :
>>
>> <system.web>
>> <processModel enable="true"
>> userName="System" />
>> </system.web>
>>
>> The "System" account doesn't need a password.
>>
>> Also, that only works in machine.config, not in web.config.
>>
>> I'd avoid impersonating the ASP.NET process account in machine.config.
>>
>> You should do it, for a particular application, in web.config :
>> <identity impersonate="true" userName="accountname" password="password" />
>>
>> See:
>> http://support.microsoft.com/default.aspx/kb/306158
>>
>> Additionally, run
>> aspnet_regiis -ga "MachineName\Account"
>>
>> Additionally, make sure the following ACLs are set :
>> http://msdn2.microsoft.com/en-us/lib...1e(VS.80).aspx
>>
>> Also, you don't have to run ASP.NET as the SYSTEM account. In fact, you should *avoid* it.


>> You can run ASP.NET as *any* account you want to, provided you assign the correct permissions.
>>
>> If you want to go that way ( and you should ), follow the instructions at :
>> http://msdn2.microsoft.com/en-us/library/ms998297.aspx
>>
>> ...*and* run the steps detailed above.
>>
>>
>>
>>
>> Juan T. Llibre, asp.net MVP
>> asp.net faq : http://asp.net.do/faq/
>> foros de asp.net, en espaņol : http://asp.net.do/foros/
>> ===================================

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ASP.NET 2.0 Impersonation of fixed identity - truncation of identity JimLad ASP .Net 0 01-16-2009 10:42 AM
HttpContext.Current.User.Identity.Name AND Context.User.Identity.Name; nalbayo ASP .Net 2 11-11-2005 11:12 PM
Difference between System.Web.HttpContext.Current.User.Identity.Name and System.Threading.Thread.CurrentPrincipal.Identity.Name jeremy.rice@alkermes.com ASP .Net Security 5 11-08-2005 05:25 PM
Issue with Identity Impersonation and user identity used passed for trusted SQL connection. Frederick D'hont ASP .Net Security 0 07-25-2005 02:41 PM
Difference between HttpContext.Current.User.Identity and identity Impersonation Giovanni Bassi ASP .Net 0 10-20-2003 02:25 PM



Advertisments