Configuration :: IIS 7.5 Application Pool Identity Account And Windows Folders?
Nov 1, 2010
"My application (ASP.NET) writes certain files in folders on my servers. In IIS 6.0 I used to give write access to IUSR account so that IIS can write to the folder. Now what I see is my application pool runs under App Pool Identity account. That is good but users are able to create files in the folders without App Pool Identity user being given specific permission to do so.
My website security is configured with "Windows Integrated Security" only (anonymous is disabled).
I also want to set a specific account to run the w3wp.exe process using the Application Pool Identity to a domain account.
Running directly from the server works without any problem but from remote computers I always get the authenticaion window then the 401.1 error (after 3 attempts).
It seems that its the combination of "Windows Integrated Security" along with the "Application Pool Identity" that causes the problem. When I disable one of the two it works properly.
My server is Windows Server 2003 R2, running IIS 6.0.
I have a requirement I should connect to MS SQL server under IIS Application pool account from ASP.NET application where Windows Authentication is enabled. I cannot use user name and password in connection string.
ASP.NET application should use Entity Framework 4.0 to work with data.
In IIS Manager center pane, there is an icon titled "Authentication" as follows: Clicking the icon, we get 3 items as follows: Right clicking the Anonymous Authentication and select edit, we have: Question: which one should I use? What is the difference?
I am asking this out of curiosity. I got the following error when this is not enabledAn attempt was made to load a program with an incorrect formatThis is related to loading a class library but this particular class library is compiled for any CPU with VS2010 64 bit running on Win7 64-bit
I am working on Windows 2008 Server (64-bit). I want to execute my web service as a pure (native) 64 bit service. All the assemblies referred by the web service are currently built as 'AnyCPU'.
When I publish the web service to IIS, and configure it to run under a 64-bit application pool (by setting 'Enable 32-Bit applications' = false), attempt to access the web service gives the error 'Application is not a valid Win32 application' because of a BadImageFormatException. This appears to indicate that somewhere an attempt is being made to load a 32 bit assembly. But the error does not provide any information about which assembly was found with an incorrect format. I have checked all the assemblies in the bin folder using corflags and they are bit agnostic.
I tried using the fusion log and identified a bind failure with VJSharpCodeProvider (though my service is coded only in C#). The runtime is not able to find the VJSharpCodeProvider because it is present in the GAC as an x86 assembly.
Is VJSharpCodeProvider the cause of the problem? I guess this is not the case because of the type of exception (BadImageFormatException). If I am correct, then how do I identify the assembly that is causing this exception?
If I change the property 'Enable 32-Bit applications' to true for the application pool, the service works fine, but I need native 64-bit execution.
I have this web application where I need the currently logged in windows user Identity. I server on which I deployed this application does not support virtual directories. And I am not sure if that server is configured for "Integrated Windows Authentication."
I tried using: System.Security.Principal.WindowsIdentity.GetCurrent().Name; Request.ServerVariables["AUTH_USER"]; HttpContext.Current.User.Identity.Name;
All these work and retrieve the appropriate currently logged in windows username when the application isn't deployed. But when I deploy it on this particular server, these methods do not give me nothing.
I currently have a client with a SharePoint site that wants to incorporate an (already written) ASP.NET application within a webpart in the SharePoint site. The ASP.net application currently uses an IIS impersonation account to connect to the SQL database.
Some added functionality the client is requesting would require me to grab the user's windows login identity to use the SharePoint UserProfileWebService to query the PropertyPages for that specific user. Because the (already written) ASP.NET application uses impersonation, when I grab the WindowsIdentity.GetCurrent().Name, I get the impersonation account and not the actual user's account.
Is there a way to keep the current setup (impersonation account on IIS to connect to SQL) and still grab the logged in user's credentials? Or would a better way about this be to change IIS to consume the Windows Identity of the logged in user and encrypt the connection string in the web.config?
Our website has all of the publicly accessible pages at the root and private pages (login required) in a folder below the root (call it "private").Private pages are accessed as
www.oursite.com/private/somepage.aspx.I want to run the pages in the private folder in a separate application pool without changing the URL for private users.I tried making the private folder a virtual directory but then the pages in the private folder did not render(I think because it did not find a web.config in the private folder).Is the answer to simply put a copy of the web.config that resides at the root in the private folder or is that problematic?
I have a web site running on IIS7 on a remote server. I would like to do the following: Create a new subfolder under the root virtual directory. Create a new app pool. Add this new app pool to the new subfolder Normally, I would do this manually in IIS by first creating the app pool, and then right-clicking the sub folder an choose "add application", but I need to do this programmatically in C#. I've managed to make the above points 1 and 2 work, but I can't find the way to adding the application to the sub folder. This is the code I have used so far for 1 and 2:
[Code]....
So, I need to add "MyAppPool" to the "NytSite" folder. Is this even the correct way to do this?
I am logged in as the administrator when I installed an application named pdflatex.exe on my server. This application works as a converter from LaTeX input file to Pdf file. I host an Asp.net MVC 3 application running under an Application Pool Identity with Load User Profile = True. The Asp.net MVC 3 code contains a code that executes pdflatex.exe using System.Diagnostic.Process instance as follows:
Process p = new Process(); p.EnableRaisingEvents = true; p.Exited += new EventHandler(p_Exited); p.StartInfo.Arguments = "-interaction=nonstopmode " + inputpath; p.StartInfo.WorkingDirectory = @"c:mydomain.comworking"; p.StartInfo.UseShellExecute = false; p.StartInfo.FileName = "pdflatex.exe"; p.Start(); p.WaitForExit();
From the scenario above, the web application runs under a restricted acount but it executes an external application under a default account that I don't know. Can an application running under a less privileged account start a process executing another application under an administrative account?
We have a website that calls a utility from the command line to create thumbnails places them in a directory and then the page will display the contents of this folder to the user.The utility seems to only work when we run the application pool under an administrative account, we have tried the network service, local system, and local service all to no avail.Just wondered if anyone had an opinion on how secure/unsecure it would be if we ran the website under the administrative machine account? Does this open up a massive secuurity hole etc is it that likely that we are comprimising the network.
I have a web service in which i am making connection to the database to get data..now i want that the app pool account should be used to make the connection and not the current user's credentials..can somebody tell me step by step what changes do i need to make like setting impersonation=true etc.
I created an application that basically takes the values from a bunch of fields on the page and adds the data to a SQL database table when I click the 'submit' button. However, I created the file directly under the website path, and I created it while it was like that and I tested it without any user authentication going on.
Now, I'd moved it into the ~/Account/etc/... path, because I only want it to be used by authenticated users, and it loads just fine, but when I click the 'submit' button as I used too, it doesn't seem to be loading the info in the database anymore. Why would that happen? do I need to enable SQL to work with the authentication as well?
Often, out of sheer desperation I will end up enabling "Everyone" access on a folder that a web app is accessing (perhaps for file creation, reading, etc) because I can't figure which user account to enable access on.
Obviously, this is a very bad thing to do. Is there a way to determine what account IIS is using at that exact moment to access folders (and perhaps other resources like SQL Server, etc)?
Are there logs I can look at that will tell me? Or perhaps some other way? I usually use Windows Auth without impersonation. Not sure if that information is relevant.
I have a website with the below structure for saving product images:
~/fileserver/{user_id}/{file_id}.{file_extension}
I want to restrict access to each {user_id} folder and let only the specific user to retrieve that image. How this can be done? Do I have to set something in IIS?
My feeling says it's not posible but anyway I am curious if there is at least a workaround for accomplish this.Basically I am working at my client site and my machine is not connected to the domain.What I want to do is running a web application locally under a domain account, and using the webdev server.The webapp uses the default authentication, windows authentication that is.I tried using impersonation with domainuser & password but I got the following error Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.I have to mention that the username and the password are correct.
I have an asp.net application which was working fine with the AppPool Identity set to Netwrok Service or Local System or Local Service. But If I change the app pool identity to a domain account (I am using my account itself) I am unable to access the application from any other machine except the web server.I am using Windows Integrated Authentication.I tried resetting IIS, Restart W3SVC, aspnet_regiis -ga . But no luck.
I running MS-Access desktop application, i would like to host it to web through ASP.Net (Only report purpose). regular data we keying in through desktop. is it possible for host through crystal report?