I am running Windows Server 2008 R2 Standard. I was unable to give DefaultAppPool permissions to an .mdb file using the GUI. I was able to do it with icacls. However, the web application still could not write to the database. I tried using the IIS_IUSRS group as well, but writing to the database was still denied. Finally, I gave the IUSR account modify permissions and it worked. Any ideas why I'm having to do this and how I can make my installation of IIS 7 work the recommended way?
Hi, I'm having problems understanding what to use when programmatically giving access rights to a directory to an asp2 web-app. The call is to be made to AddAccessRule to create a new ACE in the ACL. How can I find a SID to supply in that call for DefaultAppPool, or should I just give that as a Username? /Sven
mr_3ntropy
12 Posts
Re: Trouble with ApplicationPoolIdentity in IIS 7.5 + Windows 7
Oct 11, 2010 12:29 PM
Yes, it's because you are not using .net, so the app runs under the security context of the anonymous user (IUSR), because in classic asp impersonation cannot be disabled.
To make it work the "recommended" way set your anonymous identity = app pool
zipswich
54 Posts
Re: Trouble with ApplicationPoolIdentity in IIS 7.5 + Windows 7
Jun 01, 2011 11:25 PM
I want to second what jgovednik described.
I used to grant DefaultAppPool permissions for my ASP.net apps. Now I just grant permissions to IIS_IUSRS. This has worked well for me so far.
steve schofi...
5681 Posts
MVP
Moderator
Re: Trouble with ApplicationPoolIdentity in IIS 7.5 + Windows 7
Jun 02, 2011 12:05 AM
+1
Steve Schofield
Windows Server MVP - IIS
http://iislogs.com/steveschofield
http://www.IISLogs.com
Log archival solution
Install, Configure, Forget
sh_olsson
2 Posts
Re: Trouble with ApplicationPoolIdentity in IIS 7.5 + Windows 7
Jul 26, 2011 01:00 PM
HCamper
8048 Posts
Re: Trouble with ApplicationPoolIdentity in IIS 7.5 + Windows 7
Jul 26, 2011 02:50 PM
Hello @ sh_olsson,
If you check IIS Net library http://www.iis.net/ConfigReference/system.applicationHost/applicationPools
reference for Application Pools the samples section may help.
For general Application Pool use http://learn.iis.net/page.aspx/624/application-pool-identities/ in IIS Net library.
Martin
Community Member Award 2011
freefallen
1 Post
Re: Trouble with ApplicationPoolIdentity in IIS 7.5 + Windows 7
Jul 27, 2011 02:28 PM
HCamper
8048 Posts
Re: Trouble with ApplicationPoolIdentity in IIS 7.5 + Windows 7
Jul 27, 2011 04:00 PM
Hi @ freefallen,
The information in the thread from Lex for ICACLS commands and operation
work with IIS Server 7.0 to manage permissions.
http://technet.microsoft.com/en-us/library/cc753525.aspx
Martin
Community Member Award 2011
sh_olsson
2 Posts
Re: Trouble with ApplicationPoolIdentity in IIS 7.5 + Windows 7
Jul 27, 2011 05:06 PM
Thanks, but in the first link there is a worrying sentence: "To do so, you would set your security using the name of an application pool by using syntax like "IIS AppPool\DefaultAppPool." This identity is created dynamically, thereby dramatically reducing the surface attack area of your server"
The word "dynamically" is ominous to me, I get the impression that if I use syntax like:
...FileSystemAccessRule(New NTAccount("IIS AppPool\DefaultAppPool"), FileSystemRights...
to create an ACE in an ACL for a resource, later on, the SID-number for "IIS AppPool\DefaultAppPool" will have changed so the access rule stops working?
Or is the SID-number stable on that machine, for that specific name "IIS AppPool\DefaultAppPool", so I shouldn't worry about the wording "dynamic"?
/sh
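The SID-stability question in the post above can be explored offline. The sketch below is an added example, not code from the thread or from Microsoft; it assumes the widely reported derivation in which the SID for "IIS AppPool\<name>" is S-1-5-82 followed by the SHA-1 of the lower-cased pool name (UTF-16LE), split into five little-endian 32-bit values. The function names are hypothetical.

```python
import hashlib
import struct

# Identifier authority / first sub-authority reported for app pool identities.
APP_POOL_PREFIX = "S-1-5-82"


def app_pool_sid(pool_name: str) -> str:
    """Derive the SID for an application pool name (assumed derivation).

    The input is only the pool name, so the result depends on neither the
    machine nor the time the pool was created.
    """
    if not pool_name:
        raise ValueError("pool name must not be empty")
    # Windows account names are case-insensitive, hence the lower-casing.
    digest = hashlib.sha1(pool_name.lower().encode("utf-16-le")).digest()
    # 20-byte SHA-1 -> five unsigned 32-bit little-endian sub-authorities.
    sub_authorities = struct.unpack("<5I", digest)
    return "-".join([APP_POOL_PREFIX, *(str(v) for v in sub_authorities)])


def sid_for_account(account: str) -> str:
    """Accept the full 'IIS AppPool\\Name' form used with NTAccount or icacls."""
    domain, sep, name = account.partition("\\")
    if not sep or domain.lower() != "iis apppool":
        raise ValueError("expected an account of the form 'IIS AppPool\\<name>'")
    return app_pool_sid(name)


if __name__ == "__main__":
    for acct in ("IIS AppPool\\DefaultAppPool", "IIS AppPool\\defaultapppool"):
        print(acct, "->", sid_for_account(acct))
```

On a server, the printed value can be compared with the SID that icacls shows for an ACE granted to the same pool name.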
HCamper
8048 Posts
Re: Troubles with ApplicationPoolIdentity: -in IIS 7.5 or Windows 7 OS
Jul 27, 2011 05:23 PM
Hi,
The Topic "Troubles with ApplicationPoolIdentity" " IIS 7.5 server" or "Windows 7 operating systems"
Your questions are important "security questions and concerns" need the best possible answers.
Create a new post.
TIA,
Martin
Community Member Award 2011
olivier.vout...
4 Posts
Re: Trouble with ApplicationPoolIdentity in IIS 7.5 + Windows 7
Sep 27, 2011 07:56 AM
Have you ever found the solution to this problem? I'm having a problem very similar when trying to access an Azman Xml...