Running ASP.NET on a DomainController

[Randy]

I'm developing an ASP.NET app that uses ActiveDirectory. To demo
this, I've built a notebook as a Win2000 DomainController with IIS.
To my pleasant surprise this actually worked - at least until I
patched it the other night. Now I get nothing but security violations
(access denied), with no usefull indication as to what security I've
violated. I'm using 'impersonate' mode and I'm logged in as the admin
of the only Domain.

I can get this working with .NET 1.0 and an un-patched DC, but I need
to upgrade it to .NET 1.1 which requires patches that will introduce
the security problems.

I've tried modifying the Machine.Config to use 'SYSTEM' rather than
'machine' as the processed, this didn't do it.

Does anybody have a hint on what security settings need to be tweeked
to get this to work?

Thanks,
Randy

 

[Luther Miller]

When you install .NET 1.1 on a Domain Controller, ASP.NET uses the
IWAM_[machinename] user instead of ASPNET user. This is probably leading to
your issues...

This isn't clearly spelled out in documentation I have seen, but I found out
the gory details via a support call.
________________________________________________________
Luther Miller . MCSD (.NET), Sr Software Architect / Engineer
Softagon Corporation . www.softagon.com . San Francisco

 

[Joe Iano]

Had the same problem. Change to username "machine" and password
"AutoGenerate" worked for us (from ASPNET user or something similar--I'm
away from the machine at the moment).

ALSO, had to stop and restart the web service before the change took effect.

 

[Peter O'Reilly]

This is a documented Microsoft bug. Refer to knowledge base article:
Q315158
"BUG: ASP.NET Does Not Work with the Default ASPNET Account on a Domain
Controller"
which may be found in the Visual Studio documentation/help
(ms-help://MS.VSCC.2003/MS.MSDNQTR.2003FEB.1033/enu_kbaspnetkb/en-us/aspnetk
b/Q315158.htm)
or http://support.microsoft.com
HTH