A question about windows accounts -- asp.net security

Chris Leffer
11/12/2004 4:42:49 AM

Hi.

I have a windows 2003 server running an asp.net application. I use an
administrator account to logon to this machine. When my asp.net site
receives requests from my users, these requests are passed to the
Network Services account. So my question is: What resources the users
coming from the internet can access? Those allowed by the windows user
logged on (my administrator account) or those allowed by the Network
Service account?

Regards,
Chris Leffer

*** Sent via Developersdex http://www.developersdex.com ***

Hernan de Lahitte
11/12/2004 10:52:05 AM

They will run under Network Service account whenever you set
impersonate="false" (the default setting) in your web.config file.
Otherwise the will run under their own accounts if IIS is configured to use
only NTLM authentication.
Notice that in neither scenario they will run under the logged on user that
is your Administrator account in your case.

Regards,

Hernan de Lahitte
http://weblogs.asp.net/hernandl

"Chris Leffer" <chrisl@wank.com> escribió en el mensaje
news:OxdJfULyEHA.1192@tk2msftngp13.phx.gbl...
[quoted text, click to view]

asp.net security : A question about windows accounts