Security :: Running App Pool Under Administrator Account?

Mar 3, 2010

We have a website that calls a utility from the command line to create thumbnails places them in a directory and then the page will display the contents of this folder to the user.The utility seems to only work when we run the application pool under an administrative account, we have tried the network service, local system, and local service all to no avail.Just wondered if anyone had an opinion on how secure/unsecure it would be if we ran the website under the administrative machine account? Does this open up a massive secuurity hole etc is it that likely that we are comprimising the network.

View 3 Replies


Similar Messages:

Security :: Permission Problem On User Account Administrator ?

Sep 21, 2010

I have a custom ASP.NET application which is hosted in the SharePoint _layouts directory. The code uses the object model to do certain actions on a SharePoint list. I'm receiving the following error when trying to perform

[code]...

When I give my user account administrator rights on the server it works fine, so it's a permission problem, but can't figure out what it is?

View 3 Replies

Security :: Connecting Web Service To Sql Server Using App Pool Account?

Jun 15, 2010

I have a web service in which i am making connection to the database to get data..now i want that the app pool account should be used to make the connection and not the current user's credentials..can somebody tell me step by step what changes do i need to make like setting impersonation=true etc.

View 1 Replies

Security :: Code Returns Application Pool Custom Account

Oct 29, 2010

2 server web farm windows 2008 r2 nlb. In IIS I enable windows authentication all other authentication is disabled. Code behind

[Code]....
web.config
[Code]....

The code returns the application pool custom account e.g. DOMAINWebApp_user. What I want is the logged in user's username. How do I get this?

View 2 Replies

Security :: Impersonate A Connection To SQL Server Under IIS App Pool Account If Windows Authentication?

Aug 31, 2010

I have a requirement I should connect to MS SQL server under IIS Application pool account from ASP.NET application where Windows Authentication is enabled. I cannot use user name and password in connection string.

ASP.NET application should use Entity Framework 4.0 to work with data.

View 1 Replies

Security :: Enable Anonymous In IIS Under Windows 2003, Will Execute Code Under IUSR_XXX Or Account Of Application Pool?

Mar 16, 2011

If I enable Anonymous in IIS under windows 2003, the ASP.NET will execute code under IUSR_XXX or account of application pool?

View 3 Replies

C# - Application Running Under A Less Privileged Account Start A Process Executing Another Application Under An Administrative Account?

Mar 9, 2011

I am logged in as the administrator when I installed an application named pdflatex.exe on my server. This application works as a converter from LaTeX input file to Pdf file. I host an Asp.net MVC 3 application running under an Application Pool Identity with Load User Profile = True. The Asp.net MVC 3 code contains a code that executes pdflatex.exe using System.Diagnostic.Process instance as follows:

Process p = new Process();
p.EnableRaisingEvents = true;
p.Exited += new EventHandler(p_Exited);
p.StartInfo.Arguments = "-interaction=nonstopmode " + inputpath;
p.StartInfo.WorkingDirectory = @"c:mydomain.comworking";
p.StartInfo.UseShellExecute = false;
p.StartInfo.FileName = "pdflatex.exe";
p.Start();
p.WaitForExit();

From the scenario above, the web application runs under a restricted acount but it executes an external application under a default account that I don't know. Can an application running under a less privileged account start a process executing another application under an administrative account?

View 2 Replies

Configuration :: IIS 7.5 Application Pool Identity Account And Windows Folders?

Nov 1, 2010

"My application (ASP.NET) writes certain files in folders on my servers. In IIS 6.0 I used to give write access to IUSR account so that IIS can write to the folder. Now what I see is my application pool runs under App Pool Identity account. That is good but users are able to create files in the folders without App Pool Identity user being given specific permission to do so.

View 2 Replies

Visual Studio :: TFS Workspace For Client Says "Administrator" As User, But Logged In As Different Account?

Mar 12, 2010

I'm not sure why this is happening. I have 3 client machines all using VS 2008 with team explorer. All three clients are my own and have the same login name, "Ryan". On two of the machines, the workspace owners say "Ryan" but the 3rd says "Administrator". On that one, I'm logged in as Ryan. I'd like it to be Ryan instead of Administrator but am not sure why this is happening. When I force it to use Ryan, it allows me to, but no longer appears on the list (but does show up as a workspace under the other 2 clients).

View 2 Replies

Debugging .Net 3.5 Code Running Under A .Net 4.0 App Pool?

Sep 21, 2010

I have trawled the internet - to no avail. Woe is me.I have a .Net website running under a .Net framework 4.0 App Pool.The website references various assemblies that have been compiled for .Net 3.5.I have ensured that identical versions of the dll's and pdb's are in the bin folder of the the 3.5 code that I am trying to debug, and the reference path of the 4.0 web site. I.e. the code that I am trying to debug matched the assemblies that are loaded into the app pool's process.

When I attach the debugger using VS2008 with the solution for the .Net 3.5 code open, the breakpoints that I have set are marked as invalid (i.e. marked with an exclamation mark). When I hit refresh on a browser page that invokes the code that I am trying to debug, VS2008 raises an unmanaged code exception.I have researched In-Process Side-by-Side code execution, which is what is occurring in this instance, and is working very well; but for the life of me I cannot find any information on debugging in this scenario.It is not an option to convert the .Net 3.5 projects to use .Net 4.0, nor is it possible to convert them to use VS2010 and leave them targeting .Net framework 3.5

View 1 Replies

Security :: How An Administrator Can Change Other Users Password

Jan 28, 2010

I have a website in asp.net 3.5(C#). I have configured asp.net membership module in my website.

Now I want to add the functionality so that an admin can change the passwords of other users.

View 7 Replies

Security :: Reset User's Password As An Administrator

Mar 15, 2010

Is there a way to reset a user's password while logged in as an administrator? I just had to delete a user and re-create him in order to achieve the same affect of resetting his password, so I'm wondering if there is a better way to reset a password.

View 1 Replies

Security :: Administrator View - Modify, Edit, Delete, Or Add?

Mar 30, 2010

I'm making my first professional website. I don't know what goes on when developing websites, so my question here could be incorrect. Anyway, I want a way to have an administrator login to my website and have the ability to modify, edit, delete, or add whatever he wants on the fly. How would I do that?! I really don't think that whenever the people I'm making the website for would need changes or adding new pages would call me to do that for them! So, I must provide them with their own means of administrating their own site after I'm done with it.

I have thought about using webparts but they're not thorough for everything in the site. Also, a side question, where should I put text content of the page in? Should I store it in a database, text file, or hard code it in the page?

View 8 Replies

Security :: Production Server - How To Maintain Administrator Status For Certain Users

Jan 4, 2011

On the local development machine a number of users are administrators (using the asp.net administer website tool accessible via the login controls on the page).

When the site is copied to the production server, these users can still log in, but they are not administrators anymore.

I can use the same way as on the local machine to rectify this. And this works when the site is run of the development tool (visual web developer express 2010, i.e. local host).

However, the functionality (admin users can access certain websites (via if(User.IsInRole("Administrator") == true) is not working when the same code is run in the production environment real production server, not localhost). Somehow asp.net is not recognizing that users have been set to that role.

View 1 Replies

Configuration :: Running Two Domains On One GoDaddy Hosting Account

Jul 15, 2010

I have an application in the root. I setup BlogEngine to run in a directory of the account. There is a web config in root and another one in the directory. If I have a Web.Config in the root, then I can run application but not the blog. However, if Idisable the root web.conf then the blog will work and, as expected, the application will not work. How can I get both to work without having to integrate the Blog and the Appication? I understand this is a common problem in GoDaddy's hosting account. Has anyone found a solution?

View 3 Replies

Security :: Windows Integrated Security And Application Pool Identity?

Aug 9, 2010

My website security is configured with "Windows Integrated Security" only (anonymous is disabled).

I also want to set a specific account to run the w3wp.exe process using the
Application Pool Identity to a domain account.

Running directly from the server works without any problem but from remote computers I always get the authenticaion window then the 401.1 error (after 3 attempts).

It seems that its the combination of "Windows Integrated Security" along with the "Application Pool Identity" that causes the problem. When I disable one of the two it works properly.

My server is Windows Server 2003 R2, running IIS 6.0­.

View 1 Replies

Security :: Source Code For A Login System Where Administrator Can Be Directed To A Different Menu?

Feb 3, 2010

provide me the source code for a login system where administrator can be directed to a different menu than the members.

View 2 Replies

C# - How To Create Threads In Webpages From CLR Thread Pool Instead Of Pool

Oct 24, 2010

If I create a new thread on an ASP.NET page the IsThreadPoolThread property is true.

First question is, is it from ASP.NET pool or CLR pool ?

Second question is, if it is from ASP.NET pool then how to create a thread from CLR and don't use ASP.NET pool ?

View 3 Replies

Security :: Single Sign On IIS 7 Multiple Application Pool

Oct 20, 2010

We migrated our web server to window server 2008, IIS 7.

We have single sign on application - that we login through one application called "users" and then no need to login to other applications, they all use the same machine key and cookie.

it works fine when all then applications under the same application pool.

but we have one application that is asp.net 2005. (the rest are asp.net 2003) the user application is in asp.net 2003 and that other application is in asp.net 2005.

so each application is in a different application pool. -

one pool to asp.net 1.1 and other pool to asp.net 2.

when I run the asp.net 2005 application

I get the login page and after I login I get the following errer:

HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.

Requested Url: /users/Unauthorised.aspx

Important: If I switch the "user" application (the login) to work under the same pool as my asp.net 2005 application, then it works fine with the asp.net 2005 application,but I get the above error for the asp.net 2003 applications

All this happened after we switched to IIS 7 Windows 2008, with IIS 6 it works great!

View 2 Replies

WCF / ASMX :: Running A Web Service User Service / Domain Account?

Mar 28, 2011

Is it possible to run a web service as a particular user/service account in the same way a Windows service can?I have a service account used for connecting to the DB and want to run the webservice under this account as the users using the webservice won't have DB access.The way I see to do it is to include the Impersonate option in the Web.config file, but is there any better way to do this?

View 1 Replies

Security :: Running Application Under The Security Context Of The Logged In User (LDAP Authentication)

Mar 17, 2011

We are using membership provider for LDAP authentication. It is working as it should.

But what all configuration settings I have to do so that
all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.

We need to have this working because all the permissions on the database are based on the logged in user.

We are using form authentication for LDAP authentication. And having impersonation = true in web.config.

View 1 Replies

Security :: Possible To Suspend A User Account

Jan 16, 2011

Is it possible to SUSPEND a user account? I want to do an application in which the admin retrieves a list of all the user accounts in the database, and select a particular one to suspend it. And, that suspended account would not be able to log in to the application?

View 4 Replies

Security :: How To Switch To Another User Account

May 30, 2010

I have used membership provider to implement my system. The system administrator can list the users. What I want to do is, administrator should be able to sign-in as the selected user. I can sign out administrator by FormsAuthentication.Signout but how can I sign in as the selected user? Passwords are hashed so I can not retrieve the passwords.

View 5 Replies

Security :: De-activate Account After A Period Not Being Used?

Mar 2, 2010

I'm using membership provider (SQL) in my application. How do I set to de-activate user account automatically after a period not being used by the users?

View 4 Replies

Security :: Login Page Using Domain Account?

Feb 8, 2010

I am trying to build a login page as follows.On the machine on which i want to host the application i have a windows administrators group in which some windows domain users are.Now on building the login page i only want those people to access the application on login. What is the best way to acomplish this.

View 1 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved