Hi,
the account under which the asp.net worker process is running has to have NTFS rights to the files/directories you are writing
under iis5/5.1 this is usually a account called ASPNET
under IIS6 you can configure that using app pools (the default is Network Service)
IIS authentication configures how the client has to authenticate with IIS to be able to call your webservice - there are really not that much options
anonymous - everybody can call it
basic - username / password are sent in cleartext (use SSL!!!!)
integrated only works if the client is a domain member
for the basic option - the username/password pair must resemble a windows account with that name + password
keep in mind - this is only authentication - unless you are impersonating in your webservice you don't have to give the clients user account NTFS rights - all file access operations are done in the security context of the worker process.
---
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
nntp://news.microsoft. com/microsoft.publi c.dotnet.framew ork.webservices/<uE************ **@TK2MSFTNGP11 .phx.gbl>
Hello NG !
Here is the situation :
- 50 WindowsCE + GPRS devices with a .NETCF application
- a server with a .NET web service
The app on the device needs to connect to the web service and needs to send
and receive from it DataSets.
The Web service need to read and write some files on the server.
.NETCF is not a problem for me but I'm not familiar at all with IIS and
Windows security settings. What is the best way to secure my web service ?
Do I have to create a special "WebService " user and to give only to this
user the rights on the deployment directory ?
In fact, I have to define both NTFS rights and IIS rights.
Can someone give me some clues or direction to look ?
Thanks !
Thomas.
[microsoft.publi c.dotnet.framew ork.webservices]
