PDC Tip from Jeff Prosise

From his ASP.NET Security Pre-Conference talk: Knowing the default accounts under which the ASP.NET worker process runs (ASPNET on IIS 5.0, Network Service on IIS 6.0) lets you set ACLs on the resources your application needs, so that ASP.NET can read, write, or take other actions on them. You can also use the <processModel> element in machine.config to change the account under which the ASP.NET worker process runs. Note that you should always encrypt any passwords stored in machine.config (you can use the aspnet_setreg.exe utility to store credentials in the registry and then refer to them from machine.config; see KB article #329290 for more details).
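
An added example, not from the talk or the original post: the machine.config process-account setting described above, with a clear-text password beside the registry-reference form that aspnet_setreg.exe supports. The account name, password and the MY_SECURE_APP key path are constructed placeholders.

```xml
<!-- Constructed sample. CONTOSO\svc-aspnet, PLACEHOLDER-PASSWORD and the
     MY_SECURE_APP key are placeholders, not values from the post. -->
<!-- The two <processModel> elements are alternatives shown side by side;
     a real machine.config contains only one. -->
<configuration>
  <system.web>

    <!-- Weak: the service account password sits in clear text in
         machine.config, readable by anyone who can read the file or a
         backup of it. -->
    <processModel enable="true"
                  userName="CONTOSO\svc-aspnet"
                  password="PLACEHOLDER-PASSWORD" />

    <!-- Hardened: store the credentials encrypted in the registry first:

           aspnet_setreg.exe -k:SOFTWARE\MY_SECURE_APP\processModel
                             -u:"CONTOSO\svc-aspnet" -p:"PLACEHOLDER-PASSWORD"

         then point both attributes at the values the utility created
         under the ASPNET_SETREG subkey. -->
    <processModel enable="true"
                  userName="registry:HKLM\SOFTWARE\MY_SECURE_APP\processModel\ASPNET_SETREG,userName"
                  password="registry:HKLM\SOFTWARE\MY_SECURE_APP\processModel\ASPNET_SETREG,password" />

    <!-- In IIS 6.0 worker process isolation mode the application pool
         identity is used instead of these two attributes. -->

  </system.web>
</configuration>
```

Keep the ACL on that registry key tight: the stored values are encrypted, but the key is now where the account's credentials live.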

3 Comments

  • jeff should also mention this is different on a domain controller. causes no end of confusion.

  • "jeff should also mention this is different on a domain controller. causes no end of confusion."



    True, but running ASP.NET on a DC is not a best practice at all, so my recommendation would be to re-think running ASP.NET on a DC, rather than try to work out the whole process identity thing in that case.

  • true. but i have worked with folks on www.asp.net for a while before thinking of asking them, and they tell me "sure, but what difference does that make..."



    while me.awake

    me.banghead()

    end while

    <g>
