NetworkService Account alternative

  • Max2006

    NetworkService Account alternative

    Hi,

    I want my ASP.NET application to connect to a SQL Server through Windows
    authentication.

    To do this, I assume that my application pool should be under a Windows
    identity instead of NetworkService. (right?)

    Since the ASP.NET's application pool user identity should be as restricted
    and secured as NetworkService, is there any guideline how to limit and
    secure the new user?

    Thank you,
    Max


  • Norman Yuan

    #2
    Re: NetworkService Account alternative

    You can either set the application pool running user account to an
    appropriate local or domain account (WIN2003 or later) or consider using
    impersonation with your ASP.NET app.

    "Max2006" <alanalan1@newsgroup.nospam> wrote in message
    news:87720090-58D4-4636-8818-AF69FD4092F7@microsoft.com...
    > Hi,
    >
    > I want my ASP.NET application connects to a SQL Server through windows
    > authentication.
    >
    > To do this, I assume that my application pool should be under a windows
    > identity instead of NetworkService. (right?)
    >
    > Since the ASP.NET's application pool user identity should be as restricted
    > and secured as NetworkService, is there any guideline how to limit and
    > secure the new user?
    >
    > Thank you,
    > Max
    >
    >


    • Steven Cheng [MSFT]

      #3
      RE: NetworkService Account alternative

      Hi Max,

      For your scenario, you have the following options:

      1. Configure your ASP.NET application to use a custom application pool
      identity (process account) which can be authenticated by the remote SQL
      Server machine. You can follow the following reference about how to create a
      custom account, which also includes granting the custom account the proper
      permissions:

      #How To: Create a Service Account for an ASP.NET 2.0 Application



      2. You can use impersonation to make your ASP.NET page requests run under
      an impersonated account (instead of the worker process account). Impersonation
      can be done via web.config statically or in code dynamically (more
      flexible). Here are some useful articles that introduce how to use impersonation
      in ASP.NET:

      #How To: Use Impersonation and Delegation in ASP.NET 2.0


      #Understanding ASP.NET Impersonation Security
      Understanding how ASP.NET's internal security works is important if your application needs to access resources on the local machine. Specifically it's important to know exactly which account your ASP.NET application is running under. This entry reviews different ways of how this account is affected by different versions of Windows, and ASP.NET configuration.


      Sincerely,

      Steven Cheng

      Microsoft MSDN Online Support Lead


      Delighting our customers is our #1 priority. We welcome your comments and
      suggestions about how we can improve the support we provide to you. Please
      feel free to let my manager know what you think of the level of service
      provided. You can send feedback directly to my manager at:
      msdnmg@microsoft.com.

      ==================================================

      Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
      where an initial response from the community or a Microsoft Support
      Engineer within 1 business day is acceptable. Please note that each follow
      up response may take approximately 2 business days as the support
      professional working with you may need further investigation to reach the
      most efficient resolution. The offering is not appropriate for situations
      that require urgent, real-time or phone-based interactions or complex
      project analysis and dump analysis issues. Issues of this nature are best
      handled working with a dedicated Microsoft Support Engineer by contacting
      Microsoft Customer Support Services (CSS) at
      http://msdn.microsoft.com/subscripti...t/default.aspx.
      ==================================================
      This posting is provided "AS IS" with no warranties, and confers no rights.
      --------------------
      >From: "Max2006" <alanalan1@newsgroup.nospam>
      >Subject: NetworkService Account alternative
      >Date: Tue, 24 Jun 2008 17:33:43 -0400
      >
      >Hi,
      >
      >I want my ASP.NET application connects to a SQL Server through windows
      >authentication.
      >
      >To do this, I assume that my application pool should be under a windows
      >identity instead of NetworkService. (right?)
      >
      >Since the ASP.NET's application pool user identity should be as restricted
      >and secured as NetworkService, is there any guideline how to limit and
      >secure the new user?
      >
      >Thank you,
      >Max
      >
      >
      >

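Added example, not part of any post in this thread and not taken from the linked articles: the SQL Server side of option 1, where the custom application pool account is given a Windows-authenticated login and only the permissions the application needs. The account name `CONTOSO\svc_webapp`, the database `AppDb` and the schema `app` are placeholders assumed for illustration, and the schema is assumed to exist already.

```sql
-- Added example. CONTOSO\svc_webapp, AppDb and the app schema are placeholders.
USE master;
GO
-- Windows-authenticated login: no password is stored in SQL Server or in
-- web.config. The connection string only needs Integrated Security=SSPI.
CREATE LOGIN [CONTOSO\svc_webapp] FROM WINDOWS
    WITH DEFAULT_DATABASE = AppDb;
GO

USE AppDb;
GO
-- Map the login to a database user. A new user holds only CONNECT plus
-- whatever the public role has; it is not added to any fixed database role.
CREATE USER [svc_webapp] FOR LOGIN [CONTOSO\svc_webapp]
    WITH DEFAULT_SCHEMA = app;
GO

-- Grant only what the application calls, scoped to its own schema,
-- instead of db_owner or db_datawriter on the whole database.
GRANT SELECT, INSERT, UPDATE ON SCHEMA::app TO [svc_webapp];
GRANT EXECUTE ON SCHEMA::app TO [svc_webapp];
GO

-- Review 1: explicit permissions held by the account in this database.
SELECT pr.name            AS principal,
       pe.class_desc      AS securable_class,
       pe.permission_name,
       pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
     ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'svc_webapp';

-- Review 2: database roles the account belongs to (expected: no rows).
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals   AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals   AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'svc_webapp';

-- Review 3: the login must not be a server administrator (expected: 0).
SELECT IS_SRVROLEMEMBER('sysadmin', 'CONTOSO\svc_webapp') AS is_sysadmin;
```

The three review queries can be rerun after any schema change to confirm the account has not picked up broader rights than the application uses.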