Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Security issues with Win2003 and ASPNet app

Reply
Thread Tools

Security issues with Win2003 and ASPNet app

 
 
RichardF
Guest
Posts: n/a
 
      04-28-2005
I have an ASP.NET Web Service and Web Site. It accesses a SQL
database for its data and retrieves images from another server.

There are 4 servers all running Win 2003 as follows...

1 - Domain Controller
2 - SQL Server
3 - IIS Server (runs Web Service and Web Site)
4 - File Server (stores all the image files)

I am having lots of issues with permissions because my Web Service is
running as a user under a LOCAL group IIS_WPG on the IIS Server and I
don't know how to give it the necessary permissions to access the SQL
Server and the Images on different machines.

I think what I need to do is create a Domain Account, give it the
appropriate permissions and then somehow get my Web Service to run
using that user account. I did try this using 'impersonate' but then
it appeared i didn't have permission to tun ASP.NET stuff!

Can anyone give me tips on how to accomplish this, or point me to a
resource that explains how I can accomplish this.

Thanks for any help

RichardF
 
Reply With Quote
 
 
 
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      04-28-2005
Hello RichardF,

you can configure the identity of your web service using the Application
Pool feature of IIS6.

Add a new AppPool - give it an identity (local or domain) - and add the web
service application to the AppPool (WebApp properties)

Add the account to IIS_WPG and give it access to \windows\microsoft.net\framework\v\temporary
asp.net files\ and \windows\temp

HTH

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> I have an ASP.NET Web Service and Web Site. It accesses a SQL
> database for its data and retrieves images from another server.
>
> There are 4 servers all running Win 2003 as follows...
>
> 1 - Domain Controller
> 2 - SQL Server
> 3 - IIS Server (runs Web Service and Web Site)
> 4 - File Server (stores all the image files)
> I am having lots of issues with permissions because my Web Service is
> running as a user under a LOCAL group IIS_WPG on the IIS Server and I
> don't know how to give it the necessary permissions to access the SQL
> Server and the Images on different machines.
>
> I think what I need to do is create a Domain Account, give it the
> appropriate permissions and then somehow get my Web Service to run
> using that user account. I did try this using 'impersonate' but then
> it appeared i didn't have permission to tun ASP.NET stuff!
>
> Can anyone give me tips on how to accomplish this, or point me to a
> resource that explains how I can accomplish this.
>
> Thanks for any help
>
> RichardF
>




 
Reply With Quote
 
 
 
 
RichardF
Guest
Posts: n/a
 
      04-28-2005
Thanks for the help, I will give that a go. (Assuming I can figure
out how to add a App Pool!)

Once I do this, how do I then configure permssions on the SQL server
and Image server machines?

RichardF


On Thu, 28 Apr 2005 08:26:20 -0700, Dominick Baier [DevelopMentor]
<(E-Mail Removed)> wrote:

>Hello RichardF,
>
>you can configure the identity of your web service using the Application
>Pool feature of IIS6.
>
>Add a new AppPool - give it an identity (local or domain) - and add the web
>service application to the AppPool (WebApp properties)
>
>Add the account to IIS_WPG and give it access to \windows\microsoft.net\framework\v\temporary
>asp.net files\ and \windows\temp
>
>HTH
>
>---------------------------------------
>Dominick Baier - DevelopMentor
>http://www.leastprivilege.com
>
>> I have an ASP.NET Web Service and Web Site. It accesses a SQL
>> database for its data and retrieves images from another server.
>>
>> There are 4 servers all running Win 2003 as follows...
>>
>> 1 - Domain Controller
>> 2 - SQL Server
>> 3 - IIS Server (runs Web Service and Web Site)
>> 4 - File Server (stores all the image files)
>> I am having lots of issues with permissions because my Web Service is
>> running as a user under a LOCAL group IIS_WPG on the IIS Server and I
>> don't know how to give it the necessary permissions to access the SQL
>> Server and the Images on different machines.
>>
>> I think what I need to do is create a Domain Account, give it the
>> appropriate permissions and then somehow get my Web Service to run
>> using that user account. I did try this using 'impersonate' but then
>> it appeared i didn't have permission to tun ASP.NET stuff!
>>
>> Can anyone give me tips on how to accomplish this, or point me to a
>> resource that explains how I can accomplish this.
>>
>> Thanks for any help
>>
>> RichardF
>>

>
>


 
Reply With Quote
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      04-28-2005
Hello RichardF,

if you are using a domain account - just give access to sql server for this
account / ntfs acls for your file server
if you are using a local account - recreate that account with same name/password
on the target machines and proceed as described (not the recommended solution
- you have to keep all those passwords in sync a.s.o.)

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Thanks for the help, I will give that a go. (Assuming I can figure
> out how to add a App Pool!)
>
> Once I do this, how do I then configure permssions on the SQL server
> and Image server machines?
>
> RichardF
>
> On Thu, 28 Apr 2005 08:26:20 -0700, Dominick Baier [DevelopMentor]
> <(E-Mail Removed)> wrote:
>
>> Hello RichardF,
>>
>> you can configure the identity of your web service using the
>> Application Pool feature of IIS6.
>>
>> Add a new AppPool - give it an identity (local or domain) - and add
>> the web service application to the AppPool (WebApp properties)
>>
>> Add the account to IIS_WPG and give it access to
>> \windows\microsoft.net\framework\v\temporary asp.net files\ and
>> \windows\temp
>>
>> HTH
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>> I have an ASP.NET Web Service and Web Site. It accesses a SQL
>>> database for its data and retrieves images from another server.
>>>
>>> There are 4 servers all running Win 2003 as follows...
>>>
>>> 1 - Domain Controller
>>> 2 - SQL Server
>>> 3 - IIS Server (runs Web Service and Web Site)
>>> 4 - File Server (stores all the image files)
>>> I am having lots of issues with permissions because my Web Service
>>> is
>>> running as a user under a LOCAL group IIS_WPG on the IIS Server and
>>> I
>>> don't know how to give it the necessary permissions to access the
>>> SQL
>>> Server and the Images on different machines.
>>> I think what I need to do is create a Domain Account, give it the
>>> appropriate permissions and then somehow get my Web Service to run
>>> using that user account. I did try this using 'impersonate' but
>>> then it appeared i didn't have permission to tun ASP.NET stuff!
>>>
>>> Can anyone give me tips on how to accomplish this, or point me to a
>>> resource that explains how I can accomplish this.
>>>
>>> Thanks for any help
>>>
>>> RichardF
>>>




 
Reply With Quote
 
RichardF
Guest
Posts: n/a
 
      04-28-2005
After installing my web service and web site, they had already been
added to a default App Pool.

I right clicked the app pool, went to the identity tab and changed it
to use the domain user account I have created.

Then I added that domain user account to the IIS_WPG group.

When I try to access the web site/service from IE on another machine I
see my initial logon page but after entering a username/password IE
displays a Service Unavailable message.

Before I made the changes above, I would get an error indicating that
SQL had denied me access.

Did I miss something?

RichardF


On Thu, 28 Apr 2005 08:26:20 -0700, Dominick Baier [DevelopMentor]
<(E-Mail Removed)> wrote:

>Hello RichardF,
>
>you can configure the identity of your web service using the Application
>Pool feature of IIS6.
>
>Add a new AppPool - give it an identity (local or domain) - and add the web
>service application to the AppPool (WebApp properties)
>
>Add the account to IIS_WPG and give it access to \windows\microsoft.net\framework\v\temporary
>asp.net files\ and \windows\temp
>
>HTH
>
>---------------------------------------
>Dominick Baier - DevelopMentor
>http://www.leastprivilege.com
>
>> I have an ASP.NET Web Service and Web Site. It accesses a SQL
>> database for its data and retrieves images from another server.
>>
>> There are 4 servers all running Win 2003 as follows...
>>
>> 1 - Domain Controller
>> 2 - SQL Server
>> 3 - IIS Server (runs Web Service and Web Site)
>> 4 - File Server (stores all the image files)
>> I am having lots of issues with permissions because my Web Service is
>> running as a user under a LOCAL group IIS_WPG on the IIS Server and I
>> don't know how to give it the necessary permissions to access the SQL
>> Server and the Images on different machines.
>>
>> I think what I need to do is create a Domain Account, give it the
>> appropriate permissions and then somehow get my Web Service to run
>> using that user account. I did try this using 'impersonate' but then
>> it appeared i didn't have permission to tun ASP.NET stuff!
>>
>> Can anyone give me tips on how to accomplish this, or point me to a
>> resource that explains how I can accomplish this.
>>
>> Thanks for any help
>>
>> RichardF
>>

>
>


 
Reply With Quote
 
RichardF
Guest
Posts: n/a
 
      04-28-2005
Actually it appears I now get Service Unavailable whenever I try to
access IIS on that machine, even the default root website.



On Thu, 28 Apr 2005 14:10:53 -0500, RichardF <(E-Mail Removed)>
wrote:

>After installing my web service and web site, they had already been
>added to a default App Pool.
>
>I right clicked the app pool, went to the identity tab and changed it
>to use the domain user account I have created.
>
>Then I added that domain user account to the IIS_WPG group.
>
>When I try to access the web site/service from IE on another machine I
>see my initial logon page but after entering a username/password IE
>displays a Service Unavailable message.
>
>Before I made the changes above, I would get an error indicating that
>SQL had denied me access.
>
>Did I miss something?
>
>RichardF
>
>
>On Thu, 28 Apr 2005 08:26:20 -0700, Dominick Baier [DevelopMentor]
><(E-Mail Removed)> wrote:
>
>>Hello RichardF,
>>
>>you can configure the identity of your web service using the Application
>>Pool feature of IIS6.
>>
>>Add a new AppPool - give it an identity (local or domain) - and add the web
>>service application to the AppPool (WebApp properties)
>>
>>Add the account to IIS_WPG and give it access to \windows\microsoft.net\framework\v\temporary
>>asp.net files\ and \windows\temp
>>
>>HTH
>>
>>---------------------------------------
>>Dominick Baier - DevelopMentor
>>http://www.leastprivilege.com
>>
>>> I have an ASP.NET Web Service and Web Site. It accesses a SQL
>>> database for its data and retrieves images from another server.
>>>
>>> There are 4 servers all running Win 2003 as follows...
>>>
>>> 1 - Domain Controller
>>> 2 - SQL Server
>>> 3 - IIS Server (runs Web Service and Web Site)
>>> 4 - File Server (stores all the image files)
>>> I am having lots of issues with permissions because my Web Service is
>>> running as a user under a LOCAL group IIS_WPG on the IIS Server and I
>>> don't know how to give it the necessary permissions to access the SQL
>>> Server and the Images on different machines.
>>>
>>> I think what I need to do is create a Domain Account, give it the
>>> appropriate permissions and then somehow get my Web Service to run
>>> using that user account. I did try this using 'impersonate' but then
>>> it appeared i didn't have permission to tun ASP.NET stuff!
>>>
>>> Can anyone give me tips on how to accomplish this, or point me to a
>>> resource that explains how I can accomplish this.
>>>
>>> Thanks for any help
>>>
>>> RichardF
>>>

>>
>>


 
Reply With Quote
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      04-28-2005
Hello RichardF,

check the event log! that's most of the time a password typo.

but the system log will give you more info.

otherwise change the default apppool back to network service - and try adding
a new migrating gradually your web apps to this new pool.

HTH

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Actually it appears I now get Service Unavailable whenever I try to
> access IIS on that machine, even the default root website.
>
> On Thu, 28 Apr 2005 14:10:53 -0500, RichardF <(E-Mail Removed)>
> wrote:
>
>> After installing my web service and web site, they had already been
>> added to a default App Pool.
>>
>> I right clicked the app pool, went to the identity tab and changed it
>> to use the domain user account I have created.
>>
>> Then I added that domain user account to the IIS_WPG group.
>>
>> When I try to access the web site/service from IE on another machine
>> I see my initial logon page but after entering a username/password IE
>> displays a Service Unavailable message.
>>
>> Before I made the changes above, I would get an error indicating that
>> SQL had denied me access.
>>
>> Did I miss something?
>>
>> RichardF
>>
>> On Thu, 28 Apr 2005 08:26:20 -0700, Dominick Baier [DevelopMentor]
>> <(E-Mail Removed)> wrote:
>>
>>> Hello RichardF,
>>>
>>> you can configure the identity of your web service using the
>>> Application Pool feature of IIS6.
>>>
>>> Add a new AppPool - give it an identity (local or domain) - and add
>>> the web service application to the AppPool (WebApp properties)
>>>
>>> Add the account to IIS_WPG and give it access to
>>> \windows\microsoft.net\framework\v\temporary asp.net files\ and
>>> \windows\temp
>>>
>>> HTH
>>>
>>> ---------------------------------------
>>> Dominick Baier - DevelopMentor
>>> http://www.leastprivilege.com
>>>> I have an ASP.NET Web Service and Web Site. It accesses a SQL
>>>> database for its data and retrieves images from another server.
>>>>
>>>> There are 4 servers all running Win 2003 as follows...
>>>>
>>>> 1 - Domain Controller
>>>> 2 - SQL Server
>>>> 3 - IIS Server (runs Web Service and Web Site)
>>>> 4 - File Server (stores all the image files)
>>>> I am having lots of issues with permissions because my Web Service
>>>> is
>>>> running as a user under a LOCAL group IIS_WPG on the IIS Server and
>>>> I
>>>> don't know how to give it the necessary permissions to access the
>>>> SQL
>>>> Server and the Images on different machines.
>>>> I think what I need to do is create a Domain Account, give it the
>>>> appropriate permissions and then somehow get my Web Service to run
>>>> using that user account. I did try this using 'impersonate' but
>>>> then it appeared i didn't have permission to tun ASP.NET stuff!
>>>>
>>>> Can anyone give me tips on how to accomplish this, or point me to a
>>>> resource that explains how I can accomplish this.
>>>>
>>>> Thanks for any help
>>>>
>>>> RichardF
>>>>




 
Reply With Quote
 
RichardF
Guest
Posts: n/a
 
      04-28-2005
The event log says that the identity of my app pool is invalid.

I created a domain account on the domain server.

On the SQL Server I gave that account the appropriate permissions.

On the IIS Server I set the identity of the app pool to use that
account.

What did I do wrong this time!!!

RichardF

(P.S. Thanks for the help so far - I am learning more that I thought I
wanted to!)


On Thu, 28 Apr 2005 12:23:14 -0700, Dominick Baier [DevelopMentor]
<(E-Mail Removed)> wrote:

>Hello RichardF,
>
>check the event log! that's most of the time a password typo.
>
>but the system log will give you more info.
>
>otherwise change the default apppool back to network service - and try adding
>a new migrating gradually your web apps to this new pool.
>
>HTH
>
>---------------------------------------
>Dominick Baier - DevelopMentor
>http://www.leastprivilege.com
>
>> Actually it appears I now get Service Unavailable whenever I try to
>> access IIS on that machine, even the default root website.
>>
>> On Thu, 28 Apr 2005 14:10:53 -0500, RichardF <(E-Mail Removed)>
>> wrote:
>>
>>> After installing my web service and web site, they had already been
>>> added to a default App Pool.
>>>
>>> I right clicked the app pool, went to the identity tab and changed it
>>> to use the domain user account I have created.
>>>
>>> Then I added that domain user account to the IIS_WPG group.
>>>
>>> When I try to access the web site/service from IE on another machine
>>> I see my initial logon page but after entering a username/password IE
>>> displays a Service Unavailable message.
>>>
>>> Before I made the changes above, I would get an error indicating that
>>> SQL had denied me access.
>>>
>>> Did I miss something?
>>>
>>> RichardF
>>>
>>> On Thu, 28 Apr 2005 08:26:20 -0700, Dominick Baier [DevelopMentor]
>>> <(E-Mail Removed)> wrote:
>>>
>>>> Hello RichardF,
>>>>
>>>> you can configure the identity of your web service using the
>>>> Application Pool feature of IIS6.
>>>>
>>>> Add a new AppPool - give it an identity (local or domain) - and add
>>>> the web service application to the AppPool (WebApp properties)
>>>>
>>>> Add the account to IIS_WPG and give it access to
>>>> \windows\microsoft.net\framework\v\temporary asp.net files\ and
>>>> \windows\temp
>>>>
>>>> HTH
>>>>
>>>> ---------------------------------------
>>>> Dominick Baier - DevelopMentor
>>>> http://www.leastprivilege.com
>>>>> I have an ASP.NET Web Service and Web Site. It accesses a SQL
>>>>> database for its data and retrieves images from another server.
>>>>>
>>>>> There are 4 servers all running Win 2003 as follows...
>>>>>
>>>>> 1 - Domain Controller
>>>>> 2 - SQL Server
>>>>> 3 - IIS Server (runs Web Service and Web Site)
>>>>> 4 - File Server (stores all the image files)
>>>>> I am having lots of issues with permissions because my Web Service
>>>>> is
>>>>> running as a user under a LOCAL group IIS_WPG on the IIS Server and
>>>>> I
>>>>> don't know how to give it the necessary permissions to access the
>>>>> SQL
>>>>> Server and the Images on different machines.
>>>>> I think what I need to do is create a Domain Account, give it the
>>>>> appropriate permissions and then somehow get my Web Service to run
>>>>> using that user account. I did try this using 'impersonate' but
>>>>> then it appeared i didn't have permission to tun ASP.NET stuff!
>>>>>
>>>>> Can anyone give me tips on how to accomplish this, or point me to a
>>>>> resource that explains how I can accomplish this.
>>>>>
>>>>> Thanks for any help
>>>>>
>>>>> RichardF
>>>>>

>
>


 
Reply With Quote
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      04-28-2005
Did you try logging in to the server with that domain account to be sure
that you have the credentials right and it can log on locally?

Joe K.

"RichardF" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> The event log says that the identity of my app pool is invalid.
>
> I created a domain account on the domain server.
>
> On the SQL Server I gave that account the appropriate permissions.
>
> On the IIS Server I set the identity of the app pool to use that
> account.
>
> What did I do wrong this time!!!
>
> RichardF
>
> (P.S. Thanks for the help so far - I am learning more that I thought I
> wanted to!)
>
>
> On Thu, 28 Apr 2005 12:23:14 -0700, Dominick Baier [DevelopMentor]
> <(E-Mail Removed)> wrote:
>
>>Hello RichardF,
>>
>>check the event log! that's most of the time a password typo.
>>
>>but the system log will give you more info.
>>
>>otherwise change the default apppool back to network service - and try
>>adding
>>a new migrating gradually your web apps to this new pool.
>>
>>HTH
>>
>>---------------------------------------
>>Dominick Baier - DevelopMentor
>>http://www.leastprivilege.com
>>
>>> Actually it appears I now get Service Unavailable whenever I try to
>>> access IIS on that machine, even the default root website.
>>>
>>> On Thu, 28 Apr 2005 14:10:53 -0500, RichardF <(E-Mail Removed)>
>>> wrote:
>>>
>>>> After installing my web service and web site, they had already been
>>>> added to a default App Pool.
>>>>
>>>> I right clicked the app pool, went to the identity tab and changed it
>>>> to use the domain user account I have created.
>>>>
>>>> Then I added that domain user account to the IIS_WPG group.
>>>>
>>>> When I try to access the web site/service from IE on another machine
>>>> I see my initial logon page but after entering a username/password IE
>>>> displays a Service Unavailable message.
>>>>
>>>> Before I made the changes above, I would get an error indicating that
>>>> SQL had denied me access.
>>>>
>>>> Did I miss something?
>>>>
>>>> RichardF
>>>>
>>>> On Thu, 28 Apr 2005 08:26:20 -0700, Dominick Baier [DevelopMentor]
>>>> <(E-Mail Removed)> wrote:
>>>>
>>>>> Hello RichardF,
>>>>>
>>>>> you can configure the identity of your web service using the
>>>>> Application Pool feature of IIS6.
>>>>>
>>>>> Add a new AppPool - give it an identity (local or domain) - and add
>>>>> the web service application to the AppPool (WebApp properties)
>>>>>
>>>>> Add the account to IIS_WPG and give it access to
>>>>> \windows\microsoft.net\framework\v\temporary asp.net files\ and
>>>>> \windows\temp
>>>>>
>>>>> HTH
>>>>>
>>>>> ---------------------------------------
>>>>> Dominick Baier - DevelopMentor
>>>>> http://www.leastprivilege.com
>>>>>> I have an ASP.NET Web Service and Web Site. It accesses a SQL
>>>>>> database for its data and retrieves images from another server.
>>>>>>
>>>>>> There are 4 servers all running Win 2003 as follows...
>>>>>>
>>>>>> 1 - Domain Controller
>>>>>> 2 - SQL Server
>>>>>> 3 - IIS Server (runs Web Service and Web Site)
>>>>>> 4 - File Server (stores all the image files)
>>>>>> I am having lots of issues with permissions because my Web Service
>>>>>> is
>>>>>> running as a user under a LOCAL group IIS_WPG on the IIS Server and
>>>>>> I
>>>>>> don't know how to give it the necessary permissions to access the
>>>>>> SQL
>>>>>> Server and the Images on different machines.
>>>>>> I think what I need to do is create a Domain Account, give it the
>>>>>> appropriate permissions and then somehow get my Web Service to run
>>>>>> using that user account. I did try this using 'impersonate' but
>>>>>> then it appeared i didn't have permission to tun ASP.NET stuff!
>>>>>>
>>>>>> Can anyone give me tips on how to accomplish this, or point me to a
>>>>>> resource that explains how I can accomplish this.
>>>>>>
>>>>>> Thanks for any help
>>>>>>
>>>>>> RichardF
>>>>>>

>>
>>

>



 
Reply With Quote
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      04-29-2005
Hello Joe,

and have you cleared "has to change password on first login" ??

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Did you try logging in to the server with that domain account to be
> sure that you have the credentials right and it can log on locally?
>
> Joe K.
>
> "RichardF" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>
>> The event log says that the identity of my app pool is invalid.
>>
>> I created a domain account on the domain server.
>>
>> On the SQL Server I gave that account the appropriate permissions.
>>
>> On the IIS Server I set the identity of the app pool to use that
>> account.
>>
>> What did I do wrong this time!!!
>>
>> RichardF
>>
>> (P.S. Thanks for the help so far - I am learning more that I thought
>> I wanted to!)
>>
>> On Thu, 28 Apr 2005 12:23:14 -0700, Dominick Baier [DevelopMentor]
>> <(E-Mail Removed)> wrote:
>>
>>> Hello RichardF,
>>>
>>> check the event log! that's most of the time a password typo.
>>>
>>> but the system log will give you more info.
>>>
>>> otherwise change the default apppool back to network service - and
>>> try
>>> adding
>>> a new migrating gradually your web apps to this new pool.
>>> HTH
>>>
>>> ---------------------------------------
>>> Dominick Baier - DevelopMentor
>>> http://www.leastprivilege.com
>>>> Actually it appears I now get Service Unavailable whenever I try to
>>>> access IIS on that machine, even the default root website.
>>>>
>>>> On Thu, 28 Apr 2005 14:10:53 -0500, RichardF <(E-Mail Removed)>
>>>> wrote:
>>>>
>>>>> After installing my web service and web site, they had already
>>>>> been added to a default App Pool.
>>>>>
>>>>> I right clicked the app pool, went to the identity tab and changed
>>>>> it to use the domain user account I have created.
>>>>>
>>>>> Then I added that domain user account to the IIS_WPG group.
>>>>>
>>>>> When I try to access the web site/service from IE on another
>>>>> machine I see my initial logon page but after entering a
>>>>> username/password IE displays a Service Unavailable message.
>>>>>
>>>>> Before I made the changes above, I would get an error indicating
>>>>> that SQL had denied me access.
>>>>>
>>>>> Did I miss something?
>>>>>
>>>>> RichardF
>>>>>
>>>>> On Thu, 28 Apr 2005 08:26:20 -0700, Dominick Baier [DevelopMentor]
>>>>> <(E-Mail Removed)> wrote:
>>>>>
>>>>>> Hello RichardF,
>>>>>>
>>>>>> you can configure the identity of your web service using the
>>>>>> Application Pool feature of IIS6.
>>>>>>
>>>>>> Add a new AppPool - give it an identity (local or domain) - and
>>>>>> add the web service application to the AppPool (WebApp
>>>>>> properties)
>>>>>>
>>>>>> Add the account to IIS_WPG and give it access to
>>>>>> \windows\microsoft.net\framework\v\temporary asp.net files\ and
>>>>>> \windows\temp
>>>>>>
>>>>>> HTH
>>>>>>
>>>>>> ---------------------------------------
>>>>>> Dominick Baier - DevelopMentor
>>>>>> http://www.leastprivilege.com
>>>>>>> I have an ASP.NET Web Service and Web Site. It accesses a SQL
>>>>>>> database for its data and retrieves images from another server.
>>>>>>>
>>>>>>> There are 4 servers all running Win 2003 as follows...
>>>>>>>
>>>>>>> 1 - Domain Controller
>>>>>>> 2 - SQL Server
>>>>>>> 3 - IIS Server (runs Web Service and Web Site)
>>>>>>> 4 - File Server (stores all the image files)
>>>>>>> I am having lots of issues with permissions because my Web
>>>>>>> Service
>>>>>>> is
>>>>>>> running as a user under a LOCAL group IIS_WPG on the IIS Server
>>>>>>> and
>>>>>>> I
>>>>>>> don't know how to give it the necessary permissions to access
>>>>>>> the
>>>>>>> SQL
>>>>>>> Server and the Images on different machines.
>>>>>>> I think what I need to do is create a Domain Account, give it
>>>>>>> the
>>>>>>> appropriate permissions and then somehow get my Web Service to
>>>>>>> run
>>>>>>> using that user account. I did try this using 'impersonate' but
>>>>>>> then it appeared i didn't have permission to tun ASP.NET stuff!
>>>>>>> Can anyone give me tips on how to accomplish this, or point me
>>>>>>> to a resource that explains how I can accomplish this.
>>>>>>>
>>>>>>> Thanks for any help
>>>>>>>
>>>>>>> RichardF
>>>>>>>




 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Promote Win2003 R2 in infraestructure Win2003 SP1 =?Utf-8?B?SWdvciBSb2RyaWd1ZXM=?= MCSE 3 06-20-2007 03:50 AM
Issues with launching Batch files on Win2003 (not Win2000) ee_stevek@hotmail.fr ASP .Net 0 07-13-2006 01:25 PM
ASPNET app on Win2003 RichardF ASP .Net 3 04-21-2005 04:24 PM
Issues in locking down aspnet user security in shared environment John Dalberg ASP .Net Security 2 10-06-2003 11:59 PM
Issues in locking down aspnet user security in shared environment John Dalberg ASP .Net 0 10-06-2003 05:53 PM



Advertisments