ASPNET users

[Zen]

Hi everyone,

I have the following security issue. I have a ASP.NET application running on
a Server (SERVER_A - XP pro). A certain page needs to show a picture located
on another Server (SERVER_B). Normaly the IIS connects using the local
ASPNET user account, but SERVER_B don't know this account and denies access
to the file. I have tried to add this user account to the second server but
I don't know the pasword so this attempt failed alsoo. How must i configure
the security settings to achieve this.

Any help will be highly apreciated.

Kurt

 

[Joe Kaplan \(MVP - ADSI\)]

You might consider running your ASP.NET worker process as a domain account
so that server b can authenticate it's credentials on the network. You
might also consider putting the code that need to access the file in COM+
and running that under a domain identity. Also, you might just consider
accessing the file remotely via HTTP via HttpWebRequest or a Web Service.

Lots of options.

Joe K.

 

[Paul Glavich]

Or, you could set the ASPNET account to have a specific password in the
machine.config. Look in the <processModel> element for a 'password' entry.
Its normally set to AutoGenerate but you can specify a particular password,
and also create an ASPNET user on server B with the same password and you
are away. Its just another option, however I would recommend Joe's final
option, unless you dont mind a bit of a performance hit when accessing a
COM+ component then you can go with that (seems a bit overkill though).