IUSR_machinename vs ASPNET

From: Andrew J Fortune (mathman_at_ains.net.au)
Date: 09/20/04

• Next message: Job Lot: "ComponentOne Chart control"
• Previous message: hari krishna: "generate excel reports through asp.net"
• Next in thread: Cor Ligthert: "Re: IUSR_machinename vs ASPNET"
• Reply: Cor Ligthert: "Re: IUSR_machinename vs ASPNET"
• Reply: Paul Clement: "Re: IUSR_machinename vs ASPNET"
• Messages sorted by: [ date ] [ thread ]

---

Date: 19 Sep 2004 19:07:01 -0700

Hello all,

I am trying to ascertain the difference, in terms of access and
privileges, between the Internet Guest User Account (IUSR_machinename,
where machinename is the name of your computer) vs. the ASPNET user
(ASP.NET machine account).

If you write a web application, you can configure it via its
web.config file. One of the things you can do is set the impersonate
attribute in the <identity> tag. If you set it (impersonate) to true,
and you additionally qualify the username and password attributes, the
visiting user can impersonate that specific account.

However, if you don't qualify username/password, but still set
impersonate = true, I understand that it defaults to impersonating
IUSR_machinename.

Finally, if you set impersonate=false, the user's scope defaults to
that of ASPNET.

The default settings on my machine are that IUSR_machinename is part
of the Guests group, and ASPNET is part of the Users group. But,
according to the description, these two groups have the same
privileges.

So then, what is the difference between setting the visiting user as
IUSR_machinename vs setting him/her as ASPNET ??

I have done a lot of reading on this, but the answer eludes me.

Any help appreciated.

regards,
Andrew J Fortune,
Melbourne,
Australia

---

• Next message: Job Lot: "ComponentOne Chart control"
• Previous message: hari krishna: "generate excel reports through asp.net"
• Next in thread: Cor Ligthert: "Re: IUSR_machinename vs ASPNET"
• Reply: Cor Ligthert: "Re: IUSR_machinename vs ASPNET"
• Reply: Paul Clement: "Re: IUSR_machinename vs ASPNET"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: IUSR_machinename vs ASPNET ... privileges, between the Internet Guest User Account (IUSR_machinename, ... where machinename is the name of your computer) vs. the ASPNET user ... (ASP.NET machine account). ... One of the things you can do is set the impersonate ... (microsoft.public.dotnet.general) Re: Security- access to Event Viewer- SOS ... Actually, if an web application must create a new event log category, the ... which the ASPNET account cannot do (If we set ... I impersonate in the code to the local administrator. ... (microsoft.public.dotnet.framework.aspnet) Re: Sql Reporting Serviced - > ASP.NET ACCESS DENIED! ... The account you are logging in to when on the server doesn't have the ... do you have <Impersonate> set to True? ... > Exception Details: System.UnauthorizedAccessException: Access to the path ... (microsoft.public.dotnet.framework.aspnet.security) Re: How to use WindowsPrincipal properly?? ... > If you want to check if the user is in the local computers security group ... > used by the general public you have to use Basic Authentication of course. ... You can logon a set account ... > WindowsIndentity which is then used to Impersonate. ... (microsoft.public.dotnet.framework.aspnet.security) RE: Impersonate ... saving a Excel document in ASP.NET webapplication, ... Regarding on the problem you mentioned, I think the account is the first ... You should either impersonate through the web.config setting or use code. ... Microsoft MSDN Online Support Lead ... (microsoft.public.dotnet.framework.aspnet.security)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > DotNet  > microsoft.public.dotnet.general  > 2004-09