469,948 Members | 2,911 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,948 developers. It's quick & easy.

ASPNET user writing to a subfolder

Should ASPNET user belong to the local Users group?
I may have made some changes that affected my workstation setup and I am
experiencing some unexpected behaviors.

For example, I have my IIS set up with anonymous login and have ASP.NET
running.
My ASP.NET application then creates a log file and writes to it during its
course. The only thing is that it should not be able to.

My questions are below. Please correct any incorrect assumptions I make as
well:

1. When IIS is in anonymous mode, ASP.NET app runs as ASPNET(or NETWORK
SERVICE) user.
Would <identity impersonate="true"> make the app run as IUSER_MACHINENAME
user?

2. When IIS in in windows authentication mode, ASP.NET app still runs as
APNET(or NETWORK SERVICE) user unless you specify <identity
impersonate="true"> in which case, the app will run as the user
authenticated by IIS.

Also, this may seem like a stupid question but does <identity
impersonate="true"> have effect on only the resources that are requested by
the application, - i.e. file system access, directory service, etc. - or
does it change the user who's making the request in the first?

Within the app, if I queried for the current user executing the app, would I
see IUSER_MACHINENAME in #1 and the authenticated user in #2? If I
specified a user in #2 (by supplying user/pass), would I see the specified
user from the app or does it only affect the access to the resources?

I hope the questions are not too confusing and thanks for your help.
Jiho

Nov 18 '05 #1
3 1730
Another set of questions...

ASP.NET runs as ASPNET on pre-windows 2003 and NETWORK SERVICE user on
windows 2003 by default.

I found out that ASP.NET user on my workstation(XP) belongs to the local
Users group. Should this be? I looked at another installation which is
pretty much untouched after the ASP.NET(or framework SDK) installation and I
found the same to be true. This seems like a bad idea to me.

Then I can't find NETWORK SERVICE user anywhere in the Active Directory
Users and Computers tool on windows 2003 box. But I know that it's there
since I have a working ASP.NET app. I am not very familiar with AD and I
guess I am looking for a specific location where I can see the user listed
similar to how ASPNET user is listed in windows 2000/xp. On a similar note,
I don't see NETWORK SERVICE user listed under the local built-in Users
group. Is it there but invisible somehow or is it not part of the group at
all? If it's the latter, then why would ASPNET user need to be in the Users
group?

Thanks for any info.
Jiho

"Jiho Han" <ji******@infinityinfo.com> wrote in message
news:uS**************@TK2MSFTNGP12.phx.gbl...
Should ASPNET user belong to the local Users group?
I may have made some changes that affected my workstation setup and I am
experiencing some unexpected behaviors.

For example, I have my IIS set up with anonymous login and have ASP.NET
running.
My ASP.NET application then creates a log file and writes to it during its
course. The only thing is that it should not be able to.

My questions are below. Please correct any incorrect assumptions I make as well:

1. When IIS is in anonymous mode, ASP.NET app runs as ASPNET(or NETWORK
SERVICE) user.
Would <identity impersonate="true"> make the app run as IUSER_MACHINENAME
user?

2. When IIS in in windows authentication mode, ASP.NET app still runs as
APNET(or NETWORK SERVICE) user unless you specify <identity
impersonate="true"> in which case, the app will run as the user
authenticated by IIS.

Also, this may seem like a stupid question but does <identity
impersonate="true"> have effect on only the resources that are requested by the application, - i.e. file system access, directory service, etc. - or
does it change the user who's making the request in the first?

Within the app, if I queried for the current user executing the app, would I see IUSER_MACHINENAME in #1 and the authenticated user in #2? If I
specified a user in #2 (by supplying user/pass), would I see the specified
user from the app or does it only affect the access to the resources?

I hope the questions are not too confusing and thanks for your help.
Jiho

Nov 18 '05 #2
The NETWORK SERVICE identity has also been confusing me.
I have not figured it all out yet but suggest at least the two Pattern
& Practice articles as a good start...

http://msdn.microsoft.com/library/de...asp?frame=true

http://msdn.microsoft.com/library/de...haspdotnet.asp

--
<%= Clinton Gallagher
A/E/C Consulting, Web Design, e-Commerce Software Development
Wauwatosa, Milwaukee County, Wisconsin USA
NET csgallagher@ REMOVETHISTEXT metromilwaukee.com
URL http://www.metromilwaukee.com/clintongallagher/


"Jiho Han" <ji******@infinityinfo.com> wrote in message
news:Oy**************@TK2MSFTNGP10.phx.gbl...
Another set of questions...

ASP.NET runs as ASPNET on pre-windows 2003 and NETWORK SERVICE user on
windows 2003 by default.

I found out that ASP.NET user on my workstation(XP) belongs to the local Users group. Should this be? I looked at another installation which is pretty much untouched after the ASP.NET(or framework SDK) installation and I found the same to be true. This seems like a bad idea to me.

Then I can't find NETWORK SERVICE user anywhere in the Active Directory Users and Computers tool on windows 2003 box. But I know that it's there since I have a working ASP.NET app. I am not very familiar with AD and I guess I am looking for a specific location where I can see the user listed similar to how ASPNET user is listed in windows 2000/xp. On a similar note, I don't see NETWORK SERVICE user listed under the local built-in Users
group. Is it there but invisible somehow or is it not part of the group at all? If it's the latter, then why would ASPNET user need to be in the Users group?

Thanks for any info.
Jiho

"Jiho Han" <ji******@infinityinfo.com> wrote in message
news:uS**************@TK2MSFTNGP12.phx.gbl...
Should ASPNET user belong to the local Users group?
I may have made some changes that affected my workstation setup and I am experiencing some unexpected behaviors.

For example, I have my IIS set up with anonymous login and have ASP.NET running.
My ASP.NET application then creates a log file and writes to it during its course. The only thing is that it should not be able to.

My questions are below. Please correct any incorrect assumptions I make
as
well:

1. When IIS is in anonymous mode, ASP.NET app runs as ASPNET(or
NETWORK SERVICE) user.
Would <identity impersonate="true"> make the app run as IUSER_MACHINENAME user?

2. When IIS in in windows authentication mode, ASP.NET app still runs as APNET(or NETWORK SERVICE) user unless you specify <identity
impersonate="true"> in which case, the app will run as the user
authenticated by IIS.

Also, this may seem like a stupid question but does <identity
impersonate="true"> have effect on only the resources that are requested by
the application, - i.e. file system access, directory service,
etc. - or does it change the user who's making the request in the first?

Within the app, if I queried for the current user executing the app, would I
see IUSER_MACHINENAME in #1 and the authenticated user in #2? If I
specified a user in #2 (by supplying user/pass), would I see the

specified user from the app or does it only affect the access to the resources?
I hope the questions are not too confusing and thanks for your help.
Jiho


Nov 18 '05 #3
Thanks Clinton, I'll take a look at them.

"clintonG" <csgallagher@RE************@metromilwaukee.com> wrote in message
news:Ol**************@TK2MSFTNGP10.phx.gbl...
The NETWORK SERVICE identity has also been confusing me.
I have not figured it all out yet but suggest at least the two Pattern
& Practice articles as a good start...

http://msdn.microsoft.com/library/de...asp?frame=true
http://msdn.microsoft.com/library/de...haspdotnet.asp
--
<%= Clinton Gallagher
A/E/C Consulting, Web Design, e-Commerce Software Development
Wauwatosa, Milwaukee County, Wisconsin USA
NET csgallagher@ REMOVETHISTEXT metromilwaukee.com
URL http://www.metromilwaukee.com/clintongallagher/


"Jiho Han" <ji******@infinityinfo.com> wrote in message
news:Oy**************@TK2MSFTNGP10.phx.gbl...
Another set of questions...

ASP.NET runs as ASPNET on pre-windows 2003 and NETWORK SERVICE user on
windows 2003 by default.

I found out that ASP.NET user on my workstation(XP) belongs to the

local
Users group. Should this be? I looked at another installation which

is
pretty much untouched after the ASP.NET(or framework SDK) installation

and I
found the same to be true. This seems like a bad idea to me.

Then I can't find NETWORK SERVICE user anywhere in the Active

Directory
Users and Computers tool on windows 2003 box. But I know that it's

there
since I have a working ASP.NET app. I am not very familiar with AD

and I
guess I am looking for a specific location where I can see the user

listed
similar to how ASPNET user is listed in windows 2000/xp. On a similar

note,
I don't see NETWORK SERVICE user listed under the local built-in Users
group. Is it there but invisible somehow or is it not part of the

group at
all? If it's the latter, then why would ASPNET user need to be in the

Users
group?

Thanks for any info.
Jiho

"Jiho Han" <ji******@infinityinfo.com> wrote in message
news:uS**************@TK2MSFTNGP12.phx.gbl...
Should ASPNET user belong to the local Users group?
I may have made some changes that affected my workstation setup and I am experiencing some unexpected behaviors.

For example, I have my IIS set up with anonymous login and have ASP.NET running.
My ASP.NET application then creates a log file and writes to it during its course. The only thing is that it should not be able to.

My questions are below. Please correct any incorrect assumptions I make
as
well:

1. When IIS is in anonymous mode, ASP.NET app runs as ASPNET(or

NETWORK SERVICE) user.
Would <identity impersonate="true"> make the app run as IUSER_MACHINENAME user?

2. When IIS in in windows authentication mode, ASP.NET app still runs as APNET(or NETWORK SERVICE) user unless you specify <identity
impersonate="true"> in which case, the app will run as the user
authenticated by IIS.

Also, this may seem like a stupid question but does <identity
impersonate="true"> have effect on only the resources that are requested
by
the application, - i.e. file system access, directory service,

etc. - or does it change the user who's making the request in the first?

Within the app, if I queried for the current user executing the app, would
I
see IUSER_MACHINENAME in #1 and the authenticated user in #2? If I
specified a user in #2 (by supplying user/pass), would I see the

specified user from the app or does it only affect the access to the resources?
I hope the questions are not too confusing and thanks for your help.
Jiho



Nov 18 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

3 posts views Thread by Harry Simpson | last post: by
6 posts views Thread by Andrew Chalk | last post: by
5 posts views Thread by =?Utf-8?B?TWljaGFlbCBNaWxsZXI=?= | last post: by
1 post views Thread by Bobby Edward | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.