开发者

ASP.NET Granting access to local resources

I have an ASP.NET web application that runs on a windows server 2003 server.

there is a form that reads and writes data to an xml file inside the application's directory.

I always grant the NETWORK SERVICE user full control on my application folder so that it can read and write to the xml file.

I put the application on another windows server 2003 server and did the same steps above but i was getting an Access denied exception on the form that reads and writes to the xml.

I did some search and foun开发者_开发技巧d that if you grant the user ASPNET full control to the directory it would work, I did that and it worked fine.

my question is: what is the difference between granting full control permissions to NETWORK SERVICE and ASPNET users ?

and what can be the difference between the two servers that caused this issue ?

thanks


In all cases, you need to grant the application pool's user account the appropriate access. Application pools were introduced with IIS6. Before IIS6, the .NET application ran under the user account configured in the machine.config file so you would look there to determine the user that needs access.

Network Service is assigned to application pools by default. It sounds like someone set it up differently on one of the servers.


Ideally, you should not be using either account.

You should create a low privilege account that only has access to the resources you need for each web application you have. Add the new account to the IIS_WPG user group. Then create an application pool for each application and set it to run as the user you created specifically for it.

See this article (TechNet) for directions on changing the identity of the app pool.

The configuration I described is now the default in Server 2008 R2/Win 7 (source).

Unfortunately, because someone changed the default configuration on your second server, there is no way for us to tell you what the differences between the two accounts are.

What you will need to do (or have your IT department do) is compare the permissions each account has on the local machine. This will be tedious. However, if you can run powershell, you can use this article to write a script to list out the permissions for each account and compare them.

Good luck finding the differences.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜