Security :: Running App Pool Under Administrator Account?
Mar 3, 2010
We have a website that calls a utility from the command line to create thumbnails places them in a directory and then the page will display the contents of this folder to the user.The utility seems to only work when we run the application pool under an administrative account, we have tried the network service, local system, and local service all to no avail.Just wondered if anyone had an opinion on how secure/unsecure it would be if we ran the website under the administrative machine account? Does this open up a massive secuurity hole etc is it that likely that we are comprimising the network.
I have a custom ASP.NET application which is hosted in the SharePoint _layouts directory. The code uses the object model to do certain actions on a SharePoint list. I'm receiving the following error when trying to perform
[code]...
When I give my user account administrator rights on the server it works fine, so it's a permission problem, but can't figure out what it is?
I have a web service in which i am making connection to the database to get data..now i want that the app pool account should be used to make the connection and not the current user's credentials..can somebody tell me step by step what changes do i need to make like setting impersonation=true etc.
I have a requirement I should connect to MS SQL server under IIS Application pool account from ASP.NET application where Windows Authentication is enabled. I cannot use user name and password in connection string.
ASP.NET application should use Entity Framework 4.0 to work with data.
I am logged in as the administrator when I installed an application named pdflatex.exe on my server. This application works as a converter from LaTeX input file to Pdf file. I host an Asp.net MVC 3 application running under an Application Pool Identity with Load User Profile = True. The Asp.net MVC 3 code contains a code that executes pdflatex.exe using System.Diagnostic.Process instance as follows:
Process p = new Process(); p.EnableRaisingEvents = true; p.Exited += new EventHandler(p_Exited); p.StartInfo.Arguments = "-interaction=nonstopmode " + inputpath; p.StartInfo.WorkingDirectory = @"c:mydomain.comworking"; p.StartInfo.UseShellExecute = false; p.StartInfo.FileName = "pdflatex.exe"; p.Start(); p.WaitForExit();
From the scenario above, the web application runs under a restricted acount but it executes an external application under a default account that I don't know. Can an application running under a less privileged account start a process executing another application under an administrative account?
"My application (ASP.NET) writes certain files in folders on my servers. In IIS 6.0 I used to give write access to IUSR account so that IIS can write to the folder. Now what I see is my application pool runs under App Pool Identity account. That is good but users are able to create files in the folders without App Pool Identity user being given specific permission to do so.
I'm not sure why this is happening. I have 3 client machines all using VS 2008 with team explorer. All three clients are my own and have the same login name, "Ryan". On two of the machines, the workspace owners say "Ryan" but the 3rd says "Administrator". On that one, I'm logged in as Ryan. I'd like it to be Ryan instead of Administrator but am not sure why this is happening. When I force it to use Ryan, it allows me to, but no longer appears on the list (but does show up as a workspace under the other 2 clients).
I have trawled the internet - to no avail. Woe is me.I have a .Net website running under a .Net framework 4.0 App Pool.The website references various assemblies that have been compiled for .Net 3.5.I have ensured that identical versions of the dll's and pdb's are in the bin folder of the the 3.5 code that I am trying to debug, and the reference path of the 4.0 web site. I.e. the code that I am trying to debug matched the assemblies that are loaded into the app pool's process.
When I attach the debugger using VS2008 with the solution for the .Net 3.5 code open, the breakpoints that I have set are marked as invalid (i.e. marked with an exclamation mark). When I hit refresh on a browser page that invokes the code that I am trying to debug, VS2008 raises an unmanaged code exception.I have researched In-Process Side-by-Side code execution, which is what is occurring in this instance, and is working very well; but for the life of me I cannot find any information on debugging in this scenario.It is not an option to convert the .Net 3.5 projects to use .Net 4.0, nor is it possible to convert them to use VS2010 and leave them targeting .Net framework 3.5
Is there a way to reset a user's password while logged in as an administrator? I just had to delete a user and re-create him in order to achieve the same affect of resetting his password, so I'm wondering if there is a better way to reset a password.
I'm making my first professional website. I don't know what goes on when developing websites, so my question here could be incorrect. Anyway, I want a way to have an administrator login to my website and have the ability to modify, edit, delete, or add whatever he wants on the fly. How would I do that?! I really don't think that whenever the people I'm making the website for would need changes or adding new pages would call me to do that for them! So, I must provide them with their own means of administrating their own site after I'm done with it.
I have thought about using webparts but they're not thorough for everything in the site. Also, a side question, where should I put text content of the page in? Should I store it in a database, text file, or hard code it in the page?
On the local development machine a number of users are administrators (using the asp.net administer website tool accessible via the login controls on the page).
When the site is copied to the production server, these users can still log in, but they are not administrators anymore.
I can use the same way as on the local machine to rectify this. And this works when the site is run of the development tool (visual web developer express 2010, i.e. local host).
However, the functionality (admin users can access certain websites (via if(User.IsInRole("Administrator") == true) is not working when the same code is run in the production environment real production server, not localhost). Somehow asp.net is not recognizing that users have been set to that role.
I have an application in the root. I setup BlogEngine to run in a directory of the account. There is a web config in root and another one in the directory. If I have a Web.Config in the root, then I can run application but not the blog. However, if Idisable the root web.conf then the blog will work and, as expected, the application will not work. How can I get both to work without having to integrate the Blog and the Appication? I understand this is a common problem in GoDaddy's hosting account. Has anyone found a solution?
My website security is configured with "Windows Integrated Security" only (anonymous is disabled).
I also want to set a specific account to run the w3wp.exe process using the Application Pool Identity to a domain account.
Running directly from the server works without any problem but from remote computers I always get the authenticaion window then the 401.1 error (after 3 attempts).
It seems that its the combination of "Windows Integrated Security" along with the "Application Pool Identity" that causes the problem. When I disable one of the two it works properly.
My server is Windows Server 2003 R2, running IIS 6.0.
We migrated our web server to window server 2008, IIS 7.
We have single sign on application - that we login through one application called "users" and then no need to login to other applications, they all use the same machine key and cookie.
it works fine when all then applications under the same application pool.
but we have one application that is asp.net 2005. (the rest are asp.net 2003) the user application is in asp.net 2003 and that other application is in asp.net 2005.
so each application is in a different application pool. -
one pool to asp.net 1.1 and other pool to asp.net 2.
when I run the asp.net 2005 application
I get the login page and after I login I get the following errer:
HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested Url: /users/Unauthorised.aspx
Important: If I switch the "user" application (the login) to work under the same pool as my asp.net 2005 application, then it works fine with the asp.net 2005 application,but I get the above error for the asp.net 2003 applications
All this happened after we switched to IIS 7 Windows 2008, with IIS 6 it works great!
Is it possible to run a web service as a particular user/service account in the same way a Windows service can?I have a service account used for connecting to the DB and want to run the webservice under this account as the users using the webservice won't have DB access.The way I see to do it is to include the Impersonate option in the Web.config file, but is there any better way to do this?
We are using membership provider for LDAP authentication. It is working as it should.
But what all configuration settings I have to do so that all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
Is it possible to SUSPEND a user account? I want to do an application in which the admin retrieves a list of all the user accounts in the database, and select a particular one to suspend it. And, that suspended account would not be able to log in to the application?
I have used membership provider to implement my system. The system administrator can list the users. What I want to do is, administrator should be able to sign-in as the selected user. I can sign out administrator by FormsAuthentication.Signout but how can I sign in as the selected user? Passwords are hashed so I can not retrieve the passwords.
I'm using membership provider (SQL) in my application. How do I set to de-activate user account automatically after a period not being used by the users?
I am trying to build a login page as follows.On the machine on which i want to host the application i have a windows administrators group in which some windows domain users are.Now on building the login page i only want those people to access the application on login. What is the best way to acomplish this.