|Written by||Imar Spaanjaars|
|Listened to||Sleeping Beauty by A Perfect Circle (Track 19 from the album: Thirteenth Step)|
Are you looking to hire an experienced software developer or .NET consultant? Then get in touch with me through my company's web site at devierkoeden.com
Found an interesting article on this site? Got inspired by something you read here? Then consider making a donation with PayPal.
Like this article? Or do you think it sucks? Make yourself heard by casting your vote below.Total number of ratings: 79
There is a big difference between classic ASP and ASP.NET applications when it comes to determining the user's context that IIS is running under, so this FAQ is divided in two sub sections that explain how to determine the account that IIS uses:
By default, for a Web site that allows anonymous access, this account is called IUSR_MachineName where MachineName is the name of your computer. However, when you are using a security mechanism in IIS other than Anonymous Access, you manually changed the account that IIS uses or you're running your Web site " Out Of Process", you're likely to encounter another user account. The following table lists the possible user accounts that IIS is using in various scenario's:
|The Web site or Virtual Directory / Application is configured for Anonymous Access
|The Web site or Virtual Directory / Application is configured for Anonymous Access, but runs out of process (The Application Protection is set to High in the Home Directory or Virtual Directory tab of your Web application)
|The Web site or Virtual Directory / Application is configured for Basic Authentication or Integrated Windows Authentication
||The account you used to log on to your Web application|
|The Web site or Virtual Directory / Application is configured for Anonymous Access, but you manually changed the account used for anonymous access
||The account you specified|
To find out how your system is configured, follow these steps:
For ASP.NET, things are a bit different. By default, ASP.NET will run under a special account called ASPNET. This account is a "least privileged" account which means it's pretty restricted in the things it can do on your system. To make things a bit more confusing, on Windows Server 2003, an account called "Network Service" is used by default instead of the ASPNET account.
So, whether you are using Anonymous Access or Basic / Integrated security, the account is always the ASPNET or Network Service account. However, you can change this by modifying the Web.Config file for the application. To make the change, you can add an <identity impersonate="true" /> to the <system.web> section. If you add the element, IIS will impersonate the current user and use that account instead of the ASPNET account. This means that with Anonymous Access enabled, this account is the anonymous account. Usually, this will be the IUSR_MachineName account, but check out step 4 of the instructions for classic ASP to find out whether that is true or not in your situation.
If you're not using Anonymous Access, but Basic or Integrated Security instead, the account that is used is the one that the current user is logged on with. You can also explicitly specify an account that you want to use by setting the userName and password attributes of the <identity> element.
The following table lists the various possibilities. The first column determines whether or not impersonation has been enabled in the Web.Config file. The second and third column list the options for Anonymous Access and no Anonymous Access respectively:
|ASP.NET Impersonation||Anonymous Access||No Anonymous Access (Basic, Integrated etc)|
|Disabled||ASPNET or Network Service account||ASPNET or Network Service account|
|Enabled||IUSR_MachineName||The authenticated user|
|Enabled with a specified user account||The specified account||The specified account|
The following articles provide more and detailed information about configuring security in ASP.NET:
Wonder where to go next?
You can read existing comments below
or you can post a comment yourself on this article.
Consider making a donation
Please consider making a donation using PayPal. Your donation helps me to pay the bills so I can keep running Imar.Spaanjaars.Com, providing fresh content as often as possible.
I am interested in what you have to say about this article. Feel free to post any comments, remarks or questions you may have about this article. The Talk Back feature is not meant for technical questions that are not directly related to this article. So, a post like "Hey, can you tell me how I can upload files to a MySQL database in PHP?" is likely to be removed. Also spam and unrealistic job offers will be deleted immediately.
When you post a comment, you have to provide your name and the comment. Your e-mail address is optional and you only need to provide it if you want me to contact you. It will not be displayed along with your comment. I got sick and tired of the comment spam I was receiving, so I have protected this page with a simple calculation exercise. This means that if you want to leave a comment, you'll need to complete the calculation before you hit the Post Comment button.
For more information about the Talk Back feature, check out this news item.
Unfortunately, something went wrong and your message or comments have not been submitted successfully.
There's a fair chance things broke down because you tried to post something that looks like HTML. Things that look HTML include (X)HTML, obviously, XML, ASP.NET markup and c# generics syntax as all of them use the < and > characters.
If that's the case, try altering your message and remove anything that looks like an angled bracket. You can replace them with [ and ] for example so you can still make it look like HTML to some extend.
If, on the other hand, you were trying to spam this web site, I am pretty glad I caught you in the act and stopped you from doing so ;-)
The number you entered is not correct. Please enter the sum of the two numbers again.