Identity System

  • Thread starter Thread starter Arran Pearce
  • Start date Start date
A

Arran Pearce

Hi,

How can i get my ASP Page or Web Service to run as the LocalSystem rather
than a user?

cheers
 
The default user for all apps is set in your machine.config file in your
local .NET installation folder (in a folder called config). If you look in
that file, in the <processModel> section user="machine" is pry what is set
right now. You can change that to SYSTEM as you want, but it is highly
recommended you don't do that (for security reasons). But it's your call.

In addition, I'm not sure, you may be able to define this in your local
web.config also, and thus override the machine.config setting. Haven't
investigated that myself, so dunno if you can do on an app by app basis...

Another alternative is to use impersonation, and set the user you want all
visitors to run under....
 
Hi,

I think what you meant is ASP.NET impersonation.

You could add a line in web.config to run an application as a configurable identity. For example:

<identity impersonate="true" userName="contoso\Jane" password="pass"/>

Please refer to http://msdn.microsoft.com/library/en-us/cpguide/html/cpconaspnetimpersonation.asp?frame=true for details.

Thanks very much.

Best regards,
Yanhong Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
!From: "Craig Deelsnyder" <[email protected]>
!References: <[email protected]>
!Subject: Re: Identity System
!Date: Sun, 27 Jul 2003 20:26:12 -0500
!Lines: 30
!X-Priority: 3
!X-MSMail-Priority: Normal
!X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
!X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
!Message-ID: <#[email protected]>
!Newsgroups: microsoft.public.dotnet.framework.aspnet
!NNTP-Posting-Host: c-66-41-16-200.mn.client2.attbi.com 66.41.16.200
!Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
!Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:162483
!X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
!
!The default user for all apps is set in your machine.config file in your
!local .NET installation folder (in a folder called config). If you look in
!that file, in the <processModel> section user="machine" is pry what is set
!right now. You can change that to SYSTEM as you want, but it is highly
!recommended you don't do that (for security reasons). But it's your call.
!
!In addition, I'm not sure, you may be able to define this in your local
!web.config also, and thus override the machine.config setting. Haven't
!investigated that myself, so dunno if you can do on an app by app basis...
!
!Another alternative is to use impersonation, and set the user you want all
!visitors to run under....
!
!--
!Craig Deelsnyder
!Microsoft MVP - ASP/ASP.NET
!
!
!!> Hi,
!>
!> How can i get my ASP Page or Web Service to run as the LocalSystem rather
!> than a user?
!>
!> cheers
!>
!>
!
!
!
 
One other thing....

how to i get my application to run with the rights of the local system
account? What would i enter in the username & password (in the web.config
file).

again....many thanks

Arran
 
Hello Arran,

Craig has provided the answer already. :)

Please look in machine.confign file in C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\config folder, in the
<processModel> section user="machine" is what is set right now. You can change that to SYSTEM as you want, but it is not
recommended sicne asp.net app will running under a more powerful account.

Thanks.

Best regards,
Yanhong Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
!From: "Arran Pearce" <[email protected]>
!References: <[email protected]> <#[email protected]>
<[email protected]> <#[email protected]>
<[email protected]>
!Subject: Re: Identity System
!Date: Wed, 30 Jul 2003 00:35:35 +0100
!Lines: 145
!X-Priority: 3
!X-MSMail-Priority: Normal
!X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
!X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
!Message-ID: <[email protected]>
!Newsgroups: microsoft.public.dotnet.framework.aspnet
!NNTP-Posting-Host: host213-122-6-143.in-addr.btopenworld.com 213.122.6.143
!Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
!Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:163181
!X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
!
!One other thing....
!
!how to i get my application to run with the rights of the local system
!account? What would i enter in the username & password (in the web.config
!file).
!
!again....many thanks
!
!Arran
!
!!> Hello Arran,
!>
!> You are welcome. Thanks very much for participating the community.
!>
!> Best regards,
!> Yanhong Huang
!> Microsoft Online Partner Support
!>
!> Get Secure! - www.microsoft.com/security
!> This posting is provided "AS IS" with no warranties, and confers no
!rights.
!>
!> --------------------
!> !From: "Arran Pearce" <[email protected]>
!> !References: <[email protected]>
!<#[email protected]>
!> <[email protected]>
!> !Subject: Re: Identity System
!> !Date: Tue, 29 Jul 2003 08:50:15 +0100
!> !Lines: 88
!> !X-Priority: 3
!> !X-MSMail-Priority: Normal
!> !X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
!> !X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
!> !Message-ID: <#[email protected]>
!> !Newsgroups: microsoft.public.dotnet.framework.aspnet
!> !NNTP-Posting-Host: 212.219.119.220
!> !Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
!> !Xref: cpmsftngxa06.phx.gbl
!microsoft.public.dotnet.framework.aspnet:162908
!> !X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
!> !
!> !Thanks for the info.
!> !
!> !
!> !
!> !!> !> Hi,
!> !>
!> !> I think what you meant is ASP.NET impersonation.
!> !>
!> !> You could add a line in web.config to run an application as a
!configurable
!> !identity. For example:
!> !>
!> !> <identity impersonate="true" userName="contoso\Jane" password="pass"/>
!> !>
!> !> Please refer to
!>
!!http://msdn.microsoft.com/library/en-us/cpguide/html/cpconaspnetimpersonati
!o
!> !n.asp?frame=true for details.
!> !>
!> !> Thanks very much.
!> !>
!> !> Best regards,
!> !> Yanhong Huang
!> !> Microsoft Online Partner Support
!> !>
!> !> Get Secure! - www.microsoft.com/security
!> !> This posting is provided "AS IS" with no warranties, and confers no
!> !rights.
!> !>
!> !> --------------------
!> !> !From: "Craig Deelsnyder" <[email protected]>
!> !> !References: <[email protected]>
!> !> !Subject: Re: Identity System
!> !> !Date: Sun, 27 Jul 2003 20:26:12 -0500
!> !> !Lines: 30
!> !> !X-Priority: 3
!> !> !X-MSMail-Priority: Normal
!> !> !X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
!> !> !X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
!> !> !Message-ID: <#[email protected]>
!> !> !Newsgroups: microsoft.public.dotnet.framework.aspnet
!> !> !NNTP-Posting-Host: c-66-41-16-200.mn.client2.attbi.com 66.41.16.200
!> !> !Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
!> !> !Xref: cpmsftngxa06.phx.gbl
!> !microsoft.public.dotnet.framework.aspnet:162483
!> !> !X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
!> !> !
!> !> !The default user for all apps is set in your machine.config file in
!your
!> !> !local .NET installation folder (in a folder called config). If you
!look
!> !in
!> !> !that file, in the <processModel> section user="machine" is pry what is
!> !set
!> !> !right now. You can change that to SYSTEM as you want, but it is
!highly
!> !> !recommended you don't do that (for security reasons). But it's your
!> !call.
!> !> !
!> !> !In addition, I'm not sure, you may be able to define this in your
!local
!> !> !web.config also, and thus override the machine.config setting.
!Haven't
!> !> !investigated that myself, so dunno if you can do on an app by app
!> !basis...
!> !> !
!> !> !Another alternative is to use impersonation, and set the user you want
!> !all
!> !> !visitors to run under....
!> !> !
!> !> !--
!> !> !Craig Deelsnyder
!> !> !Microsoft MVP - ASP/ASP.NET
!> !> !
!> !> !
!> !> !!> !> !> Hi,
!> !> !>
!> !> !> How can i get my ASP Page or Web Service to run as the LocalSystem
!> !rather
!> !> !> than a user?
!> !> !>
!> !> !> cheers
!> !> !>
!> !> !>
!> !> !
!> !> !
!> !> !
!> !>
!> !>
!> !
!> !
!> !
!>
!>
!
!
!
 
So i have to change it for the whole server. I cant just change it for one
application?

sorry if i am being very stupid here.

thanks

Arran

Yan-Hong Huang said:
Hello Arran,

Craig has provided the answer already. :)

Please look in machine.confign file in
Click to expand...
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\config folder, in the
<processModel> section user="machine" is what is set right now. You can
Click to expand...
change that to SYSTEM as you want, but it is not
recommended sicne asp.net app will running under a more powerful account.

Thanks.

Best regards,
Yanhong Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
Click to expand...
 
If you were running a hosting service, hosting clients that ran ASP.Net
sites, would you want them to simply allow their apps to run under your
SYSTEM account?

--
HTH,

Kevin Spencer
Microsoft MVP
..Net Developer
http://www.takempis.com
Complex things are made up of
lots of simple things.
 
Yeah fair point.

only reason i was wanting to run as system was because i am doing some
testing with CDO on a exchange server.

thanks for all the info everyone anyway.

arran

Kevin Spencer said:
If you were running a hosting service, hosting clients that ran ASP.Net
sites, would you want them to simply allow their apps to run under your
SYSTEM account?

--
HTH,

Kevin Spencer
Microsoft MVP
.Net Developer
http://www.takempis.com
Complex things are made up of
lots of simple things.

Arran Pearce said:
So i have to change it for the whole server. I cant just change it for one
application?

sorry if i am being very stupid here.

thanks

Arran


C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\config folder, in the can
change that to SYSTEM as you want, but it is not
Click to expand...
!!http://msdn.microsoft.com/library/en-us/cpguide/html/cpconaspnetimpersonat file
in what you
want
Click to expand...
Click to expand...
 
Back
Top