How Do I Determine the Security Account that IIS Uses to Run My Web Site?

It's important to understand the account that IIS is running under when you need to make changes to the security settings. If, for example, your Web application writes to files or to a database, you'll need to grant the correct permissions to the folder or database. Before you can change these security settings, it's important the know what account IIS is using. This FAQ details the various options available, both for "classic" ASP and ASP.NET applications.

There is a big difference between classic ASP and ASP.NET applications when it comes to determining the user's context that IIS is running under, so this FAQ is divided in two sub sections that explain how to determine the account that IIS uses:

Classic ASP

By default, for a Web site that allows anonymous access, this account is called IUSR_MachineName where MachineName is the name of your computer. However, when you are using a security mechanism in IIS other than Anonymous Access, you manually changed the account that IIS uses or you're running your Web site " Out Of Process", you're likely to encounter another user account. The following table lists the possible user accounts that IIS is using in various scenario's:

Scenario Account Used
The Web site or Virtual Directory / Application is configured for Anonymous Access

 
IUSR_MachineName
The Web site or Virtual Directory / Application is configured for Anonymous Access, but runs out of process (The Application Protection is set to High in the Home Directory or Virtual Directory tab of your Web application)

 
IWAM_MachineName
The Web site or Virtual Directory / Application is configured for Basic Authentication or Integrated Windows Authentication

 
The account you used to log on to your Web application
The Web site or Virtual Directory / Application is configured for Anonymous Access, but you manually changed the account used for anonymous access

 
The account you specified


To find out how your system is configured, follow these steps:

  1. Start the Internet Information Services management console, which you'll find the under Administrative Tools which in turn you'll find either directly on the Start Menu, or in the Windows Control Panel.

    The IIS Management Console Figure 1: The Internet Information Services MMC snap-in

     
  2. Expand the tree in the left hand pane until you see Default Web Site. If you're configuring another Web site, or a Virtual Directory / Application, locate that one instead. This article assumes you're configuring the Default Web Site, so make sure you adjust any steps to match your situation if necessary.
     
  3. Right-click the Default Web Site in the tree at the left and choose Properties.
  4. Open the Directory Security tab and then click the Edit... button in the Anonymous access and authentication control section of the dialog. You'll see a screen similar to this one appear:

    The Authentication Methods dialog in IIS for the Default Web Site
    Figure 2: The Authentication Methods dialog in IIS for the Default Web Site

    If Anonymous access is checked (as in the screen shot above), the user name you see in the User name field is the account that IIS is using. If Anonymous access is not checked, and Basic and / or Integrated Windows authentication are checked, the account you use to log on to your Web site is used by IIS. Note that when Anonymous access is enabled, it doesn't really matter whether Basic and or Integrated authentication are checked as well; the account that IIS is using will still be the anonymous, or IUSR_MachineName, account.
     
  5. Finally you have to check whether your site is running Out of Process. To do so, close the Authentication Methods dialog, and switch to the Home Directory tab on the Default Web Site Properties dialog:

    The Home Directory tab of the Default Web site Properties dialog
    Figure 3: The Home Directory tab of the Default Web site Properties dialog

    If Application Protection is set to High (Isolated ) and you are using Anonymous Access, the account that IIS is using is the IWAM_MachineName account. In all other scenario's, IIS is using the account you determined in the previous step.

ASP.NET

For ASP.NET, things are a bit different. By default, ASP.NET will run under a special account called ASPNET. This account is a "least privileged" account which means it's pretty restricted in the things it can do on your system. To make things a bit more confusing, on Windows Server 2003, an account called "Network Service" is used by default instead of the ASPNET account.

So, whether you are using Anonymous Access or Basic / Integrated security, the account is always the ASPNET or Network Service account. However, you can change this by modifying the Web.Config file for the application. To make the change, you can add an <identity impersonate="true" /> to the <system.web> section. If you add the element, IIS will impersonate the current user and use that account instead of the ASPNET account. This means that with Anonymous Access enabled, this account is the anonymous account. Usually, this will be the IUSR_MachineName account, but check out step 4 of the instructions for classic ASP to find out whether that is true or not in your situation.

If you're not using Anonymous Access, but Basic or Integrated Security instead, the account that is used is the one that the current user is logged on with. You can also explicitly specify an account that you want to use by setting the userName and password attributes of the <identity> element.

The following table lists the various possibilities. The first column determines whether or not impersonation has been enabled in the Web.Config file. The second and third column list the options for Anonymous Access and no Anonymous Access respectively:

ASP.NET Impersonation Anonymous Access No Anonymous Access (Basic, Integrated etc)
Disabled ASPNET or Network Service account ASPNET or Network Service account
Enabled IUSR_MachineName The authenticated user
Enabled with a specified user account The specified account The specified account

References

The following articles provide more and detailed information about configuring security in ASP.NET:


 


Where to Next?

Wonder where to go next? You can read existing comments below or you can post a comment yourself on this article .


Consider making a donation
Please consider making a donation using PayPal. Your donation helps me to pay the bills so I can keep running Imar.Spaanjaars.Com, providing fresh content as often as possible.



Feedback by Other Visitors of Imar.Spaanjaars.Com

On Monday, February 14, 2005 7:00:14 PM Ulrich Alain said:
Hi,

It's very nice this article.

I am working with one project on ASP.Net Visual Studio.Net 2003.
I am using a local server IIS on Windows XP prof.

I have given write access to my catalog from the IIS manager.

I am actually facing problem about writing access to xml files on the server.

How and where to make sure that ASPNET windows account has enough security to write to files on the server?

Thank you :)

best regards.
On Monday, February 14, 2005 7:03:58 PM Imar Spaanjaars said:
Hi Ulrich,

I think you want to check out this FAQ "How Do I Allow My Web Application to Write to Files, Folders and Databases?" located here:

http://Imar.Spaanjaars.Com/QuickDocId.aspx?QUICKDOC=290

Basically, enabling Write permissions through the IIS manager is not enough; you'll need to grant the appropriate permissions to the folder you want to write to on your NTFS disk.

HtH,

Imar
On Monday, February 14, 2005 9:45:15 PM Ulrich Alain said:
I got this error many many time. even after the read/write access from IIS server.

Cannot write to XML file because System.UnauthorizedAccessException: Access to the path "C:\MyCommerceSite\AfroShop\guestbook4\db\guest.xml" is denied. at System.IO.__Error.WinIOError(Int32 errorCode, String str) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, Boolean useAsync, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at ASP.guestpost_aspx.Submit_Click(Object sender, EventArgs e) in C:\MyCommerceSite\AfroShop\guestbook4\guestpost.aspx:line 69

Any Solution?

Thank you for your support.

Alain
On Monday, February 14, 2005 10:00:53 PM Imar Spaanjaars said:
Did you give write access to the folder C:\MyCommerceSite\AfroShop\guestbook4\db\ for the account that is used by IIS as per the instructions in that article? (Probably ASPNET or Network Service). Did you grant the permissions on th NTFS system, or just in IIS?
For what account did you set the permissions? And what permissions did you set?

If this doesn't help, please use the Contact page to send me a message directly. Or better yet, post your question at http://p2p.wrox.com/

Imar
On Monday, February 14, 2005 10:54:01 PM Ulrich Alain said:
Hi Imar :-)

I have solve the problem that I was facing since many many weeks!
Without your site and your recommendations, I couldn't have been able to manage it.
I followed step by step your article on "How Do I Allow My Web Application to Write to Files, Folders and Databases?" and I fix the problem.

Så I really thank you so much :) :)

Så many have posted the same problem somewhere, but without god tips.

I really appreciate.

Best regards, Alain

On Wednesday, March 16, 2005 1:51:29 AM lakshmi said:
Hi,
This article is very useful. Right now I am doing similar work in my project, but, I am facing some problem. I have visited all the links you have suggested, but still, couldn't get right answer.
I am working on an intranet web site of our corporation. And I am using Forms Authentication and Authorization against Active Direcory. Till the Authentication part, it is working fine. It is identifying my username and displaying that. But, whenever I add code to Authorize the User to provide further realtive access to pages, there it is blowing up. It is printing an error message
"Error authenticating. Error obtaining group names. Object reference not set to an instance of an object." once I provide the credentials on the same logon page. Compilation part is going good.
Any solution definitely helps me. Searching all possible avenues past 10 days. The more dead line comes closer I am getting tensed up.
Awaiting your reply, Thanks,
On Wednesday, March 16, 2005 7:19:48 AM Imar Spaanjaars said:
Hi there,

This sounds like a code error rather than a permission issue to me. It's hard to tell what's going on without seeing your code.
I suggest you post your question somewhere at one of the forums over at http://p2p.wrox.com/

Cheers


Imar
On Tuesday, April 19, 2005 4:37:44 PM ulrich Alain said:
Salut,

I am building a web application with VB.Net and I would like to generate popup window images with informations when clicking on image products.

Suppose I have many images "image_1.jpg", "image_2.jpg",... inside my product catalog: "ProductImages". These images are stored in the database. Here is the code that brings out products on my webpage when requested:

<img src='ProductImages/<%# DataBinder.Eval
(Container.DataItem, "ImagePath") %>' border="0"
vspace="10">

Each image has a unique productID with differents descriptions. Can you please help me to manage that?

I use VB.Net.

Thank you very much :-)
On Tuesday, April 19, 2005 7:30:58 PM Imar Spaanjaars said:
To make that work, you'll need to hook into the ItemCreated event of your data control.
Inside that event, you can look at the arguments passed to it (passed as e, usually), and then use either FindControl or the Cells collection to get a reference to your image.
Once you have the image, you can use its Attributes collection to add some JavaScript....

This assumes that your ProductImages catalog is a data control, like a Repeater or DataGrid.

If this doesn't help, please post your question at http://p2p.wrox.com, provide some more detail about the actual page and send me a link to the post.


Imar
On Tuesday, May 24, 2005 2:21:45 PM Ulrich Alain said:
Hi Imar,

I have a website runing on my local computer using:

- VB.Net in Visual Studio.Net 2003
- MSDE (MS SQL Server)

How can I make an executable file to deploy my application?

Thank you very much.
Regards,

Ulrich
On Tuesday, May 24, 2005 5:32:22 PM Imar Spaanjaars said:
Hi Ulrich,

Please don't use the Talk Back feature as your personal message board. This question is not related in any way to the topic of my article.

Please use a forum like http://p2p.wrox.com for questions like this.

Cheers,

Imar
On Saturday, January 21, 2006 4:01:15 AM Andy Genao said:
Dude,

Your article was excellent. I was stuck for about an hour on this error. I would have never figured it out on my own.

Thank you!
Andy G.
On Saturday, March 25, 2006 9:45:01 PM John F said:
Thanks for the nice summary,

Can anyone point to any documentation for this statement:

>> If Application Protection is set to High (Isolated ) and you are using Anonymous Access, the account that IIS is using is the IWAM_MachineName account. In all other scenario's, IIS is using the account you determined in the previous step.


It is hard for me to believe that it would ignore the fact that I have IUSR_ specified and use IWAM instead ? - is this different on XP VS 2000 (VS 2003?)
On Sunday, March 26, 2006 12:25:26 AM Imar Spaanjaars said:
Hi John,

Hard to believe, but I believe it's true nonetheless. When you run "out of process", a separate process is spawned (dllhost.exe). The account that this process runs under is the IWAM account. If you look under COM+, you'll see that a new application has been configured for the web site. The identity used by the process is IWAM_MachineName.

I couldn't find a definite answer on one of the Microsoft sites, but here are a few pointers to articles mentioning IWAM:

http://support.microsoft.com/kb/q236855/
http://support.microsoft.com/default.aspx?scid=kb;en-us;255770
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/iissdk/html/dbeeb5c4-c1a7-42cd-8e03-6513fc08aa92.asp
http://www.microsoft.com/technet/community/columns/insider/iisi0503.mspx#ESC

Notice that this behaves differently on Windows Server 2003. IIS 6 (Server 2003) doesn't use IWAM, but uses a different account called Network Service instead.
Windows 2000 and XP are pretty similar, because the web server they use are similar (IIS 5 vs IIS 5.1)

Funny thing is, I just tried this on my XP Pro machine, and I couldn't get a clear reproducible scenario for configuring IUSR and IWAM. Will try this some day on a clean XP installation....

Hope this helps a little,

Imar
On Sunday, May 14, 2006 7:32:33 PM Kevin said:
Thanks for this article and 263, which I found very helpful.

The trouble is though,  after enabling impersonation and giving the IUSR_machine account update rights to my Access database folder even the dataset Fill method wouldn't work and I got a different error:

System.Data.OleDb.OleDbException: Unspecified error

But when I removed the new web.config file that I had created and gave update rights for the database folder to the default ASPNET account, everything worked perfectly. Is there any reason why you cannot do this, because it simplifies things a lot.
On Tuesday, May 16, 2006 5:53:59 PM Imar Spaanjaars said:
Hi Kevin,

Do you get more information than that? Or do you only get this error?

Maybe you should post this on a forum like http://p2p.wrox.com. If you do so, be sure to post a bit more information about your setup and post the relevant code. If you send me the link, I'll take a look.

Cheers,

Imar
On Thursday, June 15, 2006 10:21:21 PM Sylvester said:
Imar, u're doing a wonderful job. I tried this solution and ultimately got the same problem as Kevin (Sunday 5/14/2006 9:32:33 PM Kevin said: ).

I just says "Unspecified error" and breaks down so...

[OleDbException (0x80004005): Unspecified error]
   System.Data.OleDb.OleDbConnectionInternal..ctor(OleDbConnectionString constr, OleDbConnection connection) +1054705
   System.Data.OleDb.OleDbConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningObject) +53
   System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup) +27
   System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) +47
   System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) +105
   System.Data.OleDb.OleDbConnection.Open() +37
   System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +121
   System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +137
   System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, String srcTable) +83
   System.Web.UI.WebControls.SqlDataSourceView.ExecuteSelect(DataSourceSelectArguments arguments) +1770
   System.Web.UI.WebControls.AccessDataSourceView.ExecuteSelect(DataSourceSelectArguments arguments) +74
   System.Web.UI.WebControls.ListControl.OnDataBinding(EventArgs e) +92
   System.Web.UI.WebControls.ListControl.PerformSelect() +31
   System.Web.UI.WebControls.BaseDataBoundControl.DataBind() +70
   System.Web.UI.WebControls.BaseDataBoundControl.EnsureDataBound() +82
   System.Web.UI.WebControls.ListControl.OnPreRender(EventArgs e) +26
   System.Web.UI.Control.PreRenderRecursiveInternal() +77
   System.Web.UI.Control.PreRenderRecursiveInternal() +161
   System.Web.UI.Control.PreRenderRecursiveInternal() +161
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1360

..When i attempt to load my ASP.NET page. Your help would really be appreciated...Thanx
On Sunday, June 18, 2006 12:10:17 PM Imar Spaanjaars said:
Hi Sylvester,

I can give you the same answers as I gave to Kevin.

Can you post this on a forum like http://p2p.wrox.com. If you do so, be sure to post a bit more information about your setup and post the relevant code. If you send me the link, I'll take a look.

Cheers,

Imar
On Thursday, July 27, 2006 4:37:32 PM ROb Tabberner said:
Super article matey (How Do I Determine the Security Account that IIS Uses to Run My Web Site? )Saved me some considerable time. Especially the .NET bit about IUSR.

Also clarified and consolidated my knowledge of clasiic ASP security.


Spot on.
On Sunday, July 30, 2006 8:32:18 PM jxn said:
thank you!    I was getting ASPNET account cant login into default db, and adding the [identity impersonate="true" /]  tag fixed the problem.  
On Friday, August 25, 2006 2:53:27 AM Angela said:
Thank you so much!!!!!!!  I couldn't figure this out and this article was excellent!!!!!!  
On Monday, August 28, 2006 10:15:21 PM mario said:
I am running an access 2000- asp.net 2 application and when I try to update my database I am getting the usual error: System.Data.OleDb.OleDbException: Operation must use an updateable query.

But I it happens only when I run my application on the remote server (ie: http://www.albertosughi.com/access/gv_details.aspx?OpereID=1399
However the database runs and updates perfectly when I run it on my local host machine.

Mario
On Tuesday, August 29, 2006 5:55:52 AM Imar Spaanjaars said:
Hi mario,

Well, it looks like you need to carry out the same steps to configure the security on the remote server as well.

Imar
On Tuesday, August 29, 2006 5:03:35 PM Mario said:
Dear Imar thanks for your attention and help.
I contacted my Server Provider and finally the problem was solved:
That was their answers
"We correctly identified what the problem was for yourself and a handful of other customers. User accounts have been updated and as such the problems should now be resolved."
On Saturday, October 28, 2006 5:51:00 AM fred said:
thanks
On Thursday, November 09, 2006 12:53:58 PM shar said:
I have same problem .... --->
Exception Details: System.UnauthorizedAccessException: Access to the path "d:\hosting\wtmcindia\dotnet\csharp mail.txt" is denied.
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via identity impersonate="true"/, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET write access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.--->
i have tried impersonate = true, it as for uname and pass everytime aspx page is loaded...
However when I hard code the uname and password to impersonate in webconfig file it says an config error::::----->
Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password
can yu pls tell me what uname and password should i give in impersoname uname and pass so tht it does not gibve the prob.

On Thursday, November 09, 2006 7:41:01 PM Imar Spaanjaars said:
Hi shar,

Are you sure you want to use impersonation? Normally, you don't need impersonation and granting the ASPNET or Network Account the necessary permissions is enough.

When you tried to setup impersonation, what account did you use?

Imar
On Friday, November 10, 2006 4:45:18 AM shar said:
Hi
I really dont want to use impersonation, however with the option for hardcoding the Uname and pass in webconfig file.
Currently i post my ewbsite pages from my winxp(home) and use frontpage and a lot of asp. But I wanted to upgrade to .net so I posted 1 page in which I had used CDO method for sending mails with attachment as newsletter. now the problem I faced that I cannot save the file on the server thru my .net program, so as per yur article I impersonated = true in my webconfig file, so it started to work but it ask for my website uname and pass everytime i access the page to send email. So I tried shifted by putting u name and pass along with imp=true, so it created another problem as config error, uname and pass not recognisable.
I cannoit setup temp aspnet account as I work with xp(home).
Please help me with setting my webconfig as imper=true and uname and pass working fine....

thanks
On Friday, November 10, 2006 6:39:13 AM Imar Spaanjaars said:
Hi shar,

Take a look at this article to find out how to set the security permissions on your disk:

http://www.spaanjaars.com/QuickDocId.aspx?quickdoc=290

If you don't see a Security tab in XP Home, check out this FAQ:

http://www.spaanjaars.com/QuickDocId.aspx?quickdoc=286

Hope this helps,

Imar
On Monday, November 13, 2006 7:26:18 AM shar said:
Hi Imar

Just tell me 1 basic piece of information, while sending mail from my webserver, do I need any kind of permission from my hosting comp. to write the attached file temporarily ? in the folder which I am using with server.mapPath syntax

And

Do yu have the code for MHTML body in C# ?
On Saturday, November 18, 2006 12:41:57 PM Imar Spaanjaars said:
Hi shar,

Yes, if you want to write to a temp file, the process account needs permissions to the location where you write that file.

Cheers,

Imar
On Saturday, November 18, 2006 1:03:49 PM shar said:
Hi Imar

I have a hosting account with godaddy and I have asked them about the permission, however they denied /refused me to give any knid of permission on any folder.. Any other way out? It seems impersonation is the only way out for me!!!!

And pls tell the C# mhtml code.. I have the code but it converts the HTML page to MHTML unlike where in classic asp it is an inbuilt component of CDO.message

Please help
On Saturday, November 18, 2006 1:17:02 PM Imar Spaanjaars said:
Hi shar,

If your ISP doesn't give you permissions, you're out of luck. It would be too easy to hack a server if there was a way around this, don't you think? Talk to your ISP again and explain them the situation. If that doesn't help, you should probably switch ISPs. Using impersonation isn't going to help. I don't think the account you're going to impersonate has permissions to write to files.

Don't know what MHTML you're talking about, so I can't help with that.

Imar
On Sunday, November 19, 2006 8:15:23 AM shar said:
Hi Imar,

I tried with impersonation once, everything worked fine, however there only 1 problem, when I used my aspx to send mail it was OK but when I use the the same aspx for sending mail with attach, everytime it asked for my website uname and pass, thereafter the aspx had send the amil with attach. so is this the thing to do some mind shake ..:)   ?
On Sunday, November 19, 2006 11:21:54 AM Imar Spaanjaars said:
Hi shar,

I don't know enough about your setup to recommend something useful. You should talk to your ISP about this. Usually, they have FAQs or articles that explain how to code and configure these kind of scenarios.

Cheers,

Imar
On Wednesday, November 22, 2006 1:04:08 AM Ray Boone said:
Hi Imar,
I have a W2K3 server with IIS 6. My ASP.net application is connecting to an Access DB on another server. I've configured the app in web.config to run as a domain user and that user has the proper access. Everything works fine when you access the website, so today I decided to add security (and break everything).

I unchecked anonymous access on the web server and went with integrated security. The website continues to work fine, but now Dreamweaver 8 can't connect to connections on the remote server. I get the Microsoft Jet Database engine cannot open the file... error. I'm guessing it's a permissions problem, but can't figure it out. I've gone as far as checking all shares and folders to make sure permissions are set correctly. I even implemented auditing for everyone for failures on the pertinent folders, but nothing is getting logged. I'm not sure where it's breaking down--especially since the website itself still works (so I'm pretty sure the impersonation is set up correctly).

Do you have any idea why Dreamweaver wouldn't be able to connect to the remote database? I also copied the DB to the web server and set up  a server share and configured it with the same permissions and Dreamweaver works correctly.

Thanks for any help/suggestions.

Ray
On Wednesday, November 22, 2006 4:54:25 PM Sheila said:
Great Article.  
I have a W2K3 server with IIS 6.  It runs a Classic ASP and connects to SQL Server database.

I want to use Integrated Security access.
If you go to step 5, figure 3, we want to run  the site "Out of Process"
The figure shows for IIS 5.0.  Anyway we can check that the site is running out of process and do essentially the same thing in the application pool properties for IIS 6.0

Thanks!
Sheila
On Sunday, November 26, 2006 9:47:54 AM Imar Spaanjaars said:
Hi Sheila,

Yeah, that's correct. With IIS 6, it's much easier to configure Out-of-Process applications through the application pools. Thanks for mentioning this....

Imar
On Sunday, November 26, 2006 9:51:15 AM Imar Spaanjaars said:
Hi Ray,

Unfortunately, I don't know what's going on. It's a bit difficult to say without seeing your setup and code. How does your connection string look like? Maybe it's just a configuration issue, not a security issue?

Imar
On Tuesday, November 28, 2006 6:18:04 PM Ray said:
Hi Imar,

First, let me say that I've really learned a lot from your website over the past couple of weeks. THANK YOU.

I came up with a way around my previous problem--just create the pages on a different server without the restrictions, then move them to my production machine that's been locked down more.

Since then I've run into another problem--probably as a direct result of me trying to do this using a combination of built-in Dreamweaver 8 behaviors and hand coding.

I have a page that displays database records in a DataGrid. In the footer of the DataGrid I've added asp.net controls to insert a record. The insert works fine, but the record won't show up in the DataGrid unless I manually refresh the page. I added a "Refresh" button to the page to make it a bit more user-friendly, but I'd sure love to get the record to show up without making the user press another button.

This is the code for the button:
void Refresh_DG(Object Src, EventArgs e) {

dgTreatment.DataSource = null;
dgTreatment.DataBind();

dgTreatment.DataSource="<%# treatment.DefaultView %>";
dgTreatment.DataBind();

}

Any thoughts you have are greatly appreciated?
On Tuesday, November 28, 2006 6:30:11 PM Imar Spaanjaars said:
Hi Ray,

Glad you like my site....

Personally, I find building .NET websites with Dreamweaver very difficult. Dreamweaver doesn't really have all the tools necessary to build complex web sites.

That said, take a look at this:

dgTreatment.DataSource="<%# treatment.DefaultView %>";
dgTreatment.DataBind();

This looks like a mix between code behind and markup. The method (Refresh_DG) is code behind, while "<%# .... %>" looks like markup for data binding.

Assuming that treatment.DefaultView is a valid object, try something like this instead:

dgTreatment.DataSource= treatment.DefaultView;
dgTreatment.DataBind();

Hope this helps,

Imar
On Tuesday, November 28, 2006 7:02:34 PM Ray said:
Imar,

Thanks for the quick reply--how do you ever find the time to help so many of us newbie coders?

You were right in thinking that there was a mix of code and markup--because I'm trying to take a Dreamweaver-created dataset and update it using my custom insert function, then rebind it to the DataGrid. And yes--this has all been difficult, but I don't have the resources to purchase the right software for the job (sounds like--from your site--that VS2005 would be the way to go).

Your suggestion works for the Refresh button, but ideally, I would like remove that button and have the DataGrid update with the new record after the user clicks the add button in the footer.

Perhaps more useful code to show would be the tail end of my Insert Record function.

Here's another snippet:

//this is the last of the parameters that I'm adding to the update command

OleDbParameter addCurrentProviderPhoneParam = new OleDbParameter(@addCurrentProviderPhone, OleDbType.VarChar, 50);
addCurrentProviderPhoneParam.Value = txtAddCurrentProviderPhone.Text;
cmdExp.Parameters.Add(addCurrentProviderPhoneParam);

//probably self explanatory here
con.Open();
cmdExp.ExecuteNonQuery();
con.Close();

//This is where I was trying to update the DG with the new record
dgTreatment.EditItemIndex = -1;
dgTreatment.DataBind();
On Tuesday, November 28, 2006 7:30:12 PM Imar Spaanjaars said:
Hi Ray,

You know what they say: "If you want something done, ask a busy man to do it...." ;-)

Anyway, isn't it just a matter of refreshing the data source after setting the EditItemIndex to -1?

E.g.:

dgTreatment.EditItemIndex = -1;
dgTreatment.DataSource= treatment.DefaultView;
dgTreatment.DataBind();

or

dgTreatment.EditItemIndex = -1;
dgTreatment.DataSource= GetTreatmentFromDatabase().DefaultView;
dgTreatment.DataBind();

where GetTreatmentFromDatabase() is a method that returns your data?

I don't know where you get the treatment object from so you may need to update it first, but that should do the trick.

BTW: Visual Web Developer 2005 Express Edition is completely free, so you can build ASP.NET 2 websites without additional sotfware investments.

Cheers,

Imar
On Wednesday, December 20, 2006 7:14:36 AM Nir said:
Hi All,
I am new at the IIS and membership features.
I have built a web site with web developer 2005 that include login control.
When i debug the web site in the development enviroment, everything works great (Roles, Login).
When i copy the web site to the WWWroot located in the Inetpub directory, and i try to run the web site from that location, i get HTTP 500 internal server error, when trying to login an existing user.
By the way i am useing the Acceess database provider,
Does it connected to IIS permissions somehow?
Thanks
On Wednesday, December 20, 2006 7:54:43 AM Imar Spaanjaars said:
Hi Nir ,

Hard to say without seeing the actual error message. Take a look here to learn how to make this generic 500 error a bit more useful:

http://www.spaanjaars.com/QuickDocId.aspx?quickdoc=264

Cheers,

Imar
On Thursday, June 21, 2007 10:47:40 AM Jay said:
Thanks for clarifying this authentication thing.
On Friday, November 16, 2007 11:13:06 AM jim said:
Is there really no way you can get your asp.net application to tell you what account it is using? something like: Me.Label1.Text = Application.Accountname.Tostring
On Saturday, November 17, 2007 10:14:45 AM Imar Spaanjaars said:
Hi jim,

Yes, you can, with things like:

Page.User.Identity.Name;
System.Security.Principal.WindowsIdentity.GetCurrent().Name;
System.Threading.Thread.CurrentPrincipal.Identity.Name;

However, there is more to this than meets the eye at first, so be sure to check out an article like this: http://www.eggheadcafe.com/articles/20050703.asp

Cheers,

Imar
On Wednesday, December 26, 2007 8:13:47 AM Ong said:
Great article! After granted the access to the folder I still have the Access to the path "\\ServerB\FolderA\" is denied error message.

Actually, my application is located at web server (ServerA - W2k3) and need to get the file from another server (ServerB -W2k3 R2). I granted the FolderA with ASPNET, NetworkService, IUSR_MachineName(ServerA), IIS_WPG. On the application, that is identity impersonate="true" and anonymous users.

Please help... Thanks.
On Friday, December 28, 2007 1:46:08 PM Imar Spaanjaars said:
Hi Ong,

The accounts you mentioned are all local accounts and as such won't be able to access network resources. Take a look here instead:

http://imar.spaanjaars.com/QuickDocId.aspx?quickdoc=276

Cheers,

Imar
On Monday, December 31, 2007 12:20:31 AM Ong said:
Imar,

Thanks. It is working now.
On Wednesday, March 26, 2008 9:04:19 AM dark said:
hi.. i am doing a login function.. as there are some files in the folder which the user must be logged in before he can go to the web page.. even if he directly keyed in the URL, it will direct it back to the login page.. there was no problem when i am using VS2005 to run it.. but when i put it in the IIS and access it through a browser.. the user can access the webpage directly without logging in..  as the login information is, i am using MySQL to store it.. for the authentication mode, i put it as forms.. i need some help
On Wednesday, March 26, 2008 8:28:45 PM Imar Spaanjaars said:
Hi dark,

This is a bit too off-topic for me to answer here on this article. You're better off trying a forum like http://p2p.wrox.com

Cheers,

Imar
On Friday, May 01, 2009 7:26:28 PM AlwaysLearning said:
FYI, small spelling error at the beginning

'need to grand the '
  should be
'need to grant the '

BTW, like your writing style. It is very easy to follow, at least for me :-)

Please keep the info coming!!!
On Friday, May 01, 2009 7:41:54 PM Imar Spaanjaars said:
Hi AlwaysLearning.

Fixed, thank you....

Imar
On Tuesday, November 10, 2009 4:15:53 AM Abi said:
awesome article mate !! thnks heaps !!
On Monday, December 28, 2009 1:06:05 PM arjun said:
Hi i have a site running on both http and https protocols.
i have  a method which will generate PDF out of the current web page programatically using a 3rd party dll which uses webbrowser control.
The problem is when i run my site in http protocol, i get the CSS and Images, but when i run it in https i dont get images and CSS onto PDF that is generated. In this case  my application pool identitiy is IWAM_machineName user and ananymous access checked with IUSER_machinename user.
Again When i change the application pool identitiy to my windows login credentials it works like magic and i get the pdf with both Images and CSS.

i am unable to figure out what is the problem with or what permissions/changes need to be done so that i get them from IWAM_machineName user account.

i have a valid test certificate without any errors for SSL

i m using windows 2003 and IIS 5.2

i m stuck with this issue and not able to proceed further
any suggessitions would be of great help to me.
thanks in advance
-arjun
On Monday, December 28, 2009 5:48:52 PM Imar Spaanjaars said:
Hi arjun,

I don't know the answer to this question as I never ran into it. Does SSL work fine for normal pages and resources? If so, the problem is likely with the third party component in which case you should contact their support department.

Cheers,

Imar
On Sunday, January 10, 2010 1:33:48 PM Question said:
my question is about what would be the password ?
I tried to change it many times but when I start the local host IE asks me to give the user name and password.
I know the user name according to what you explain above but the password.
please help me solving such problem
?
regards
On Sunday, January 10, 2010 1:44:36 PM Imar Spaanjaars said:
Hi there,

If you get a password prompt, you probably don't need to enter a password, but you need to configure the system as explained here: http://imar.spaanjaars.com/QuickDocId.aspx?quickdoc=263 instead. It typically means the web server account cannot access the requested resources and tries to work around that by letting you enter a user name and password.

Cheers,

Imar
On Wednesday, August 03, 2011 12:50:35 AM Yogesh Chandra Upreti said:
This help is very needful thanks! Thanks a lot.

Dear Sir i have a problem in my application can you please help me out.

The problem posted here in this forum
PLEASE Visit
Copy paste url:

http://forums.webexcelsolutions.com/forum_posts.asp?TID=2303&PID=10091#10091

______This is the Error Coming__________
Active Server Pages error 'ASP 0113'

Script timed out

/CapitelAdminControl/dashboard/Product/process2.asp

The maximum amount of time for a script to execute was exceeded. You can change this limit by specifying a new value for the property Server.ScriptTimeout or by changing the value in the IIS administration tools.
On Wednesday, August 03, 2011 12:57:04 AM Imar Spaanjaars said:
Hi there,

How is this related to the original topic of determining the security account?

And doesn't the error message say exactly what the problem is and how to solve it? Did you search Google for the exact error message?

Imar
On Wednesday, August 03, 2011 1:34:04 AM Yogesh Chandra Upreti said:
Yes i know this is different topic as per your original topic discussed.
Yes i have googled a lot but problem is still there.
On Monday, September 19, 2011 3:23:45 AM Ella said:
The problem has persecute me more than a week!
I found the article of you at the first time,
http://imar.spaanjaars.com/263/how-do-i-fix-asp-80004005-errors
but , this not help.
After a week , i found this article from other site , and it save me ^^!!

THANK YOU !! YOU ARE GREAT.
On Thursday, April 18, 2013 3:38:20 PM steve said:
This is a nice article, but I don't see that it answers the question it posed: "How Do I Determine the Security Account that IIS Uses to Run My Web Site?"  It explains what accounts it might be using, but not how to determine which account is actually being used.  Is there a property that will do that so I can print out a debug message with that name?  Then I could set the permissions for the folder for that user.
On Friday, April 19, 2013 9:59:58 AM Imar Spaanjaars said:
Hi steve,

I am not sure I agree. This article does mention the accounts that are used and under which circumstances, so you should be able to find out the actual account that is being used.

That said, when running .NET, use this code to find out the account at run-time:

var user = System.Security.Principal.WindowsIdentity.GetCurrent().User;
var userName = user.Translate(typeof(System.Security.Principal.NTAccount));

More info: http://stackoverflow.com/questions/275824/how-to-find-out-which-account-my-asp-net-code-is-running-under

Cheers,

Imar
On Sunday, April 21, 2013 8:40:00 PM Steve said:
Thanks Imar.  That is what I was asking.  I think that answers my question.

Talk Back! Comment on Imar.Spaanjaars.Com

I am interested in what you have to say about this article. Feel free to post any comments, remarks or questions you may have about this article. The Talk Back feature is not meant for technical questions that are not directly related to this article. So, a post like "Hey, can you tell me how I can upload files to a MySQL database in PHP?" is likely to be removed. Also spam and unrealistic job offers will be deleted immediately.

When you post a comment, you have to provide your name and the comment. Your e-mail address is optional and you only need to provide it if you want me to contact you. It will not be displayed along with your comment. I got sick and tired of the comment spam I was receiving, so I have protected this page with a simple calculation exercise. This means that if you want to leave a comment, you'll need to complete the calculation before you hit the Post Comment button.

If you want to object to a comment made by another visitor, be sure to contact me and I'll look into it ASAP. Don't forget to mention the page link, or the QuickDocId of the document.

For more information about the Talk Back feature, check out this news item.