Re: IUSR_machinename vs ASPNET

From: Cor Ligthert (notfirstname_at_planet.nl)
Date: 09/20/04


Date: Mon, 20 Sep 2004 08:07:10 +0200

Andrew,

Did you know that there is a newsgroup

microsoft.public.dotnet.framework.aspnet?

You will probably get a quicker answer there.

Cor

"Andrew J Fortune"

> Hello all,
>
> I am trying to ascertain the difference, in terms of access and
> privileges, between the Internet Guest User Account (IUSR_machinename,
> where machinename is the name of your computer) vs. the ASPNET user
> (ASP.NET machine account).
>
> If you write a web application, you can configure it via its
> web.config file. One of the things you can do is set the impersonate
> attribute in the <identity> tag. If you set it (impersonate) to true,
> and you additionally qualify the username and password attributes, the
> visiting user can impersonate that specific account.
>
> However, if you don't qualify username/password, but still set
> impersonate = true, I understand that it defaults to impersonating
> IUSR_machinename.
>
> Finally, if you set impersonate=false, the user's scope defaults to
> that of ASPNET.
>
> The default settings on my machine are that IUSR_machinename is part
> of the Guests group, and ASPNET is part of the Users group. But,
> according to the description, these two groups have the same
> privileges.
>
> So then, what is the difference between setting the visiting user as
> IUSR_machinename vs setting him/her as ASPNET ??
>
> I have done a lot of reading on this, but the answer eludes me.
>
> Any help appreciated.
>
> regards,
> Andrew J Fortune,
> Melbourne,
> Australia
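
The question quoted above turns on which Windows account a request actually executes as under each `<identity>` setting. As an added example that is not part of the thread, this handler reports that account and its group membership at run time; the name `WhoAmI` is hypothetical, and `WindowsIdentity.GetCurrent(bool)` assumes .NET Framework 2.0 or later.

```csharp
// Added diagnostic, not code from the thread. Save as WhoAmI.ashx (hypothetical name)
// with this directive as the first line of the file:
//   <%@ WebHandler Language="C#" Class="WhoAmI" %>
using System.Security.Principal;
using System.Web;

public class WhoAmI : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        HttpResponse r = context.Response;
        r.ContentType = "text/plain";

        // Token the request thread runs under; NTFS and registry ACLs
        // are evaluated against this account, whatever web.config says.
        using (WindowsIdentity effective = WindowsIdentity.GetCurrent())
        {
            WindowsPrincipal principal = new WindowsPrincipal(effective);
            r.Write("Effective account : " + effective.Name + "\n");
            r.Write("Member of Users   : " + principal.IsInRole(WindowsBuiltInRole.User) + "\n");
            r.Write("Member of Guests  : " + principal.IsInRole(WindowsBuiltInRole.Guest) + "\n");
        }

        // GetCurrent(true) returns null unless the thread carries an
        // impersonation token, i.e. unless <identity impersonate="true"> took effect.
        WindowsIdentity impersonated = WindowsIdentity.GetCurrent(true);
        r.Write("Impersonating     : " + (impersonated != null) + "\n");
        if (impersonated != null)
        {
            impersonated.Dispose();
        }

        // Identity established by IIS/ASP.NET authentication; an empty
        // name means the request was anonymous.
        string authName = (context.User != null) ? context.User.Identity.Name : "";
        r.Write("Authenticated as  : " + (authName.Length > 0 ? authName : "(anonymous)") + "\n");
    }
}
```

Request the handler once under each `<identity>` configuration and compare the reported account with the ACLs on the resources the application touches. Remove it afterwards, since it discloses local account names to anyone who can reach the URL.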


