Re: ASPNET user writing to a subfolder

From: clintonG (csgallagher_at_REMOVETHISTEXT@metromilwaukee.com)
Date: 05/20/04 

Date: Thu, 20 May 2004 18:21:25 -0500

The NETWORK SERVICE identity has also been confusing me.
I have not figured it all out yet but suggest at least the two Pattern
& Practice articles as a good start...

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetlpMSDN.asp?frame=true

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/authaspdotnet.asp 

-- 
<%= Clinton Gallagher
         A/E/C Consulting, Web Design, e-Commerce Software Development
         Wauwatosa, Milwaukee County, Wisconsin USA
         NET csgallagher@ REMOVETHISTEXT metromilwaukee.com
         URL http://www.metromilwaukee.com/clintongallagher/
"Jiho Han" <jiho.han@infinityinfo.com> wrote in message
news:Oy3zLloPEHA.3524@TK2MSFTNGP10.phx.gbl...
> Another set of questions...
>
> ASP.NET runs as ASPNET on pre-windows 2003 and NETWORK SERVICE user on
> windows 2003 by default.
>
> I found out that ASP.NET user on my workstation(XP) belongs to the
local
> Users group.  Should this be?  I looked at another installation which
is
> pretty much untouched after the ASP.NET(or framework SDK) installation
and I
> found the same to be true.  This seems like a bad idea to me.
>
> Then I can't find NETWORK SERVICE user anywhere in the Active
Directory
> Users and Computers tool on windows 2003 box.  But I know that it's
there
> since I have a working ASP.NET app.  I am not very familiar with AD
and I
> guess I am looking for a specific location where I can see the user
listed
> similar to how ASPNET user is listed in windows 2000/xp.  On a similar
note,
> I don't see NETWORK SERVICE user listed under the local built-in Users
> group.  Is it there but invisible somehow or is it not part of the
group at
> all?  If it's the latter, then why would ASPNET user need to be in the
Users
> group?
>
> Thanks for any info.
> Jiho
>
> "Jiho Han" <jiho.han@infinityinfo.com> wrote in message
> news:uSE3hcoPEHA.1340@TK2MSFTNGP12.phx.gbl...
> > Should ASPNET user belong to the local Users group?
> > I may have made some changes that affected my workstation setup and
I am
> > experiencing some unexpected behaviors.
> >
> > For example, I have my IIS set up with anonymous login and have
ASP.NET
> > running.
> > My ASP.NET application then creates a log file and writes to it
during its
> > course.  The only thing is that it should not be able to.
> >
> > My questions are below.  Please correct any incorrect assumptions I
make
> as
> > well:
> >
> > 1. When IIS is in anonymous mode, ASP.NET app runs as ASPNET(or
NETWORK
> > SERVICE) user.
> > Would <identity impersonate="true"> make the app run as
IUSER_MACHINENAME
> > user?
> >
> > 2. When IIS in in windows authentication mode, ASP.NET app still
runs as
> > APNET(or NETWORK SERVICE) user unless you specify <identity
> > impersonate="true"> in which case, the app will run as the user
> > authenticated by IIS.
> >
> > Also, this may seem like a stupid question but does <identity
> > impersonate="true"> have effect on only the resources that are
requested
> by
> > the application, - i.e. file system access, directory service,
etc. - or
> > does it change the user who's making the request in the first?
> >
> > Within the app, if I queried for the current user executing the app,
would
> I
> > see IUSER_MACHINENAME in #1 and the authenticated user in #2?  If I
> > specified a user in #2 (by supplying user/pass), would I see the
specified
> > user from the app or does it only affect the access to the
resources?
> >
> > I hope the questions are not too confusing and thanks for your help.
> > Jiho
> >
> >
> >
>
>