Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Who is may ASP.NET app supposed to run as?

Reply
Thread Tools

Who is may ASP.NET app supposed to run as?

 
 
David Thielen
Guest
Posts: n/a
 
      12-30-2006
Hi;

My ASP.NET app (on Windows 2003) is running under IUSR_SERVERNAME. Is this
the correct user for strictest security? I thought best was "NETWORK SERVICE"
or something like that.

And do I need to set this when installing the app? I don't think I am
specifying the user to run under anywhere.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm


 
Reply With Quote
 
 
 
 
David Thielen
Guest
Posts: n/a
 
      12-30-2006
Weirder and weirder - now it shows it running as me. Maybe we have something
wrong in our installer but it looks like we just create the web application
and never set who it runs as.

we are calling aspnet_regiis -ga "NETWORK SERVICE" and aspnet_regiis -pef
connection_string our_app_root_directory.

Any ideas?

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm




"David Thielen" wrote:

> Hi;
>
> My ASP.NET app (on Windows 2003) is running under IUSR_SERVERNAME. Is this
> the correct user for strictest security? I thought best was "NETWORK SERVICE"
> or something like that.
>
> And do I need to set this when installing the app? I don't think I am
> specifying the user to run under anywhere.
>
> --
> thanks - dave
> david_at_windward_dot_net
> http://www.windwardreports.com
>
> Cubicle Wars - http://www.windwardreports.com/film.htm
>
>

 
Reply With Quote
 
 
 
 
David Thielen
Guest
Posts: n/a
 
      12-30-2006
oops - and also calling:

aspnet_regiis -s W3SVC/1/ROOT/WindwardPortal

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm




"David Thielen" wrote:

> Weirder and weirder - now it shows it running as me. Maybe we have something
> wrong in our installer but it looks like we just create the web application
> and never set who it runs as.
>
> we are calling aspnet_regiis -ga "NETWORK SERVICE" and aspnet_regiis -pef
> connection_string our_app_root_directory.
>
> Any ideas?
>
> --
> thanks - dave
> david_at_windward_dot_net
> http://www.windwardreports.com
>
> Cubicle Wars - http://www.windwardreports.com/film.htm
>
>
>
>
> "David Thielen" wrote:
>
> > Hi;
> >
> > My ASP.NET app (on Windows 2003) is running under IUSR_SERVERNAME. Is this
> > the correct user for strictest security? I thought best was "NETWORK SERVICE"
> > or something like that.
> >
> > And do I need to set this when installing the app? I don't think I am
> > specifying the user to run under anywhere.
> >
> > --
> > thanks - dave
> > david_at_windward_dot_net
> > http://www.windwardreports.com
> >
> > Cubicle Wars - http://www.windwardreports.com/film.htm
> >
> >

 
Reply With Quote
 
Dominick Baier
Guest
Posts: n/a
 
      12-31-2006
you have client impersonation enabled - this will give you the behavior you
see.

W2K has no NETWORK SERVICE account - this was introduced in XP.

On W2k ASP.NET apps run by default as ASPNET.


-----
Dominick Baier (http://www.leastprivilege.com)

> Weirder and weirder - now it shows it running as me. Maybe we have
> something wrong in our installer but it looks like we just create the
> web application and never set who it runs as.
>
> we are calling aspnet_regiis -ga "NETWORK SERVICE" and aspnet_regiis
> -pef connection_string our_app_root_directory.
>
> Any ideas?
>
> Cubicle Wars - http://www.windwardreports.com/film.htm
>
> "David Thielen" wrote:
>
>> Hi;
>>
>> My ASP.NET app (on Windows 2003) is running under IUSR_SERVERNAME. Is
>> this the correct user for strictest security? I thought best was
>> "NETWORK SERVICE" or something like that.
>>
>> And do I need to set this when installing the app? I don't think I am
>> specifying the user to run under anywhere.
>>
>> --
>> thanks - dave
>> david_at_windward_dot_net
>> http://www.windwardreports.com
>> Cubicle Wars - http://www.windwardreports.com/film.htm
>>



 
Reply With Quote
 
David Thielen
Guest
Posts: n/a
 
      12-31-2006
Ok, found the impersonation and set it to false (no idea how that was ever
true).

I am on Windows 2003, not W2K so NETWORK SERVICE is correct then - yes? And
for WinXP?

For W2K the user is ASPNET - is that user used for anything in Windows 2003
or is it just around because some apps assume it exists from W2K?

We need to set permissions for our logging directory for the ASP.NET app so
is it ok if we grant permissions to NETWORK SERVICE for Windows 2003 & XP,
and to ASPNET for W2K? SHould that cover any standard configuration?

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm




"Dominick Baier" wrote:

> you have client impersonation enabled - this will give you the behavior you
> see.
>
> W2K has no NETWORK SERVICE account - this was introduced in XP.
>
> On W2k ASP.NET apps run by default as ASPNET.
>
>
> -----
> Dominick Baier (http://www.leastprivilege.com)
>
> > Weirder and weirder - now it shows it running as me. Maybe we have
> > something wrong in our installer but it looks like we just create the
> > web application and never set who it runs as.
> >
> > we are calling aspnet_regiis -ga "NETWORK SERVICE" and aspnet_regiis
> > -pef connection_string our_app_root_directory.
> >
> > Any ideas?
> >
> > Cubicle Wars - http://www.windwardreports.com/film.htm
> >
> > "David Thielen" wrote:
> >
> >> Hi;
> >>
> >> My ASP.NET app (on Windows 2003) is running under IUSR_SERVERNAME. Is
> >> this the correct user for strictest security? I thought best was
> >> "NETWORK SERVICE" or something like that.
> >>
> >> And do I need to set this when installing the app? I don't think I am
> >> specifying the user to run under anywhere.
> >>
> >> --
> >> thanks - dave
> >> david_at_windward_dot_net
> >> http://www.windwardreports.com
> >> Cubicle Wars - http://www.windwardreports.com/film.htm
> >>

>
>
>

 
Reply With Quote
 
David Thielen
Guest
Posts: n/a
 
      12-31-2006
Sorry - and what about Vista - what user is default there?

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm




"David Thielen" wrote:

> Ok, found the impersonation and set it to false (no idea how that was ever
> true).
>
> I am on Windows 2003, not W2K so NETWORK SERVICE is correct then - yes? And
> for WinXP?
>
> For W2K the user is ASPNET - is that user used for anything in Windows 2003
> or is it just around because some apps assume it exists from W2K?
>
> We need to set permissions for our logging directory for the ASP.NET app so
> is it ok if we grant permissions to NETWORK SERVICE for Windows 2003 & XP,
> and to ASPNET for W2K? SHould that cover any standard configuration?
>
> --
> thanks - dave
> david_at_windward_dot_net
> http://www.windwardreports.com
>
> Cubicle Wars - http://www.windwardreports.com/film.htm
>
>
>
>
> "Dominick Baier" wrote:
>
> > you have client impersonation enabled - this will give you the behavior you
> > see.
> >
> > W2K has no NETWORK SERVICE account - this was introduced in XP.
> >
> > On W2k ASP.NET apps run by default as ASPNET.
> >
> >
> > -----
> > Dominick Baier (http://www.leastprivilege.com)
> >
> > > Weirder and weirder - now it shows it running as me. Maybe we have
> > > something wrong in our installer but it looks like we just create the
> > > web application and never set who it runs as.
> > >
> > > we are calling aspnet_regiis -ga "NETWORK SERVICE" and aspnet_regiis
> > > -pef connection_string our_app_root_directory.
> > >
> > > Any ideas?
> > >
> > > Cubicle Wars - http://www.windwardreports.com/film.htm
> > >
> > > "David Thielen" wrote:
> > >
> > >> Hi;
> > >>
> > >> My ASP.NET app (on Windows 2003) is running under IUSR_SERVERNAME. Is
> > >> this the correct user for strictest security? I thought best was
> > >> "NETWORK SERVICE" or something like that.
> > >>
> > >> And do I need to set this when installing the app? I don't think I am
> > >> specifying the user to run under anywhere.
> > >>
> > >> --
> > >> thanks - dave
> > >> david_at_windward_dot_net
> > >> http://www.windwardreports.com
> > >> Cubicle Wars - http://www.windwardreports.com/film.htm
> > >>

> >
> >
> >

 
Reply With Quote
 
Dominick Baier
Guest
Posts: n/a
 
      12-31-2006
Default Accounts:

II5.x (W2K/XP) : ASPNET
IIS6/7 (W2K3 / Vista) : NETWORK SERVICE


-----
Dominick Baier (http://www.leastprivilege.com)

> Sorry - and what about Vista - what user is default there?
>
> Cubicle Wars - http://www.windwardreports.com/film.htm
>
> "David Thielen" wrote:
>
>> Ok, found the impersonation and set it to false (no idea how that was
>> ever true).
>>
>> I am on Windows 2003, not W2K so NETWORK SERVICE is correct then -
>> yes? And for WinXP?
>>
>> For W2K the user is ASPNET - is that user used for anything in
>> Windows 2003 or is it just around because some apps assume it exists
>> from W2K?
>>
>> We need to set permissions for our logging directory for the ASP.NET
>> app so is it ok if we grant permissions to NETWORK SERVICE for
>> Windows 2003 & XP, and to ASPNET for W2K? SHould that cover any
>> standard configuration?
>>
>> --
>> thanks - dave
>> david_at_windward_dot_net
>> http://www.windwardreports.com
>> Cubicle Wars - http://www.windwardreports.com/film.htm
>>
>> "Dominick Baier" wrote:
>>
>>> you have client impersonation enabled - this will give you the
>>> behavior you see.
>>>
>>> W2K has no NETWORK SERVICE account - this was introduced in XP.
>>>
>>> On W2k ASP.NET apps run by default as ASPNET.
>>>
>>> -----
>>> Dominick Baier (http://www.leastprivilege.com)
>>>> Weirder and weirder - now it shows it running as me. Maybe we have
>>>> something wrong in our installer but it looks like we just create
>>>> the web application and never set who it runs as.
>>>>
>>>> we are calling aspnet_regiis -ga "NETWORK SERVICE" and
>>>> aspnet_regiis -pef connection_string our_app_root_directory.
>>>>
>>>> Any ideas?
>>>>
>>>> Cubicle Wars - http://www.windwardreports.com/film.htm
>>>>
>>>> "David Thielen" wrote:
>>>>
>>>>> Hi;
>>>>>
>>>>> My ASP.NET app (on Windows 2003) is running under IUSR_SERVERNAME.
>>>>> Is this the correct user for strictest security? I thought best
>>>>> was "NETWORK SERVICE" or something like that.
>>>>>
>>>>> And do I need to set this when installing the app? I don't think I
>>>>> am specifying the user to run under anywhere.
>>>>>
>>>>> --
>>>>> thanks - dave
>>>>> david_at_windward_dot_net
>>>>> http://www.windwardreports.com
>>>>> Cubicle Wars - http://www.windwardreports.com/film.htm



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: How are users supposed to run Java programs in server mode underWindows? Knute Johnson Java 0 11-25-2008 11:44 PM
BayPIGgies: May *THIRD* Thursday at Google (May 19) Aahz Python 0 04-22-2005 11:59 PM
News Proxy may be why many people may have missed the vote Renee Digital Photography 5 10-27-2004 06:02 AM
How to optionally use classes that may or may not be installed ? Sam Iam Java 0 01-31-2004 04:09 AM
how may in hell may i take advantage of a IF statement in two separate functions? like quit anytime with button Q Rahmi Acar C++ 5 07-28-2003 08:14 AM



Advertisments