Deploying ASP.NET in a mixed NT4 & W2K domain

[Jason James]

Hi all,

I am developing an ASP.NET app that will be deployed
into a mixed NT4 & W2K domain. The PDC is running NT4
(I know we should have upgraded by now and it is on the
cards but this is what I have to work with).

On my development machine I have an ASPNET user
that I assume is my annonymous user, but this user
is not present in the domain! Do I need an ASPNET user
in the domain?

Can I use the authentication of the user instead on an
annonymous user as this is an Intranet app to detetmine
which server and network resources are available? How
do I do this?

Does anyone have any useful resources that I should check
out that will answer my questions and give me some
guidance on deploying to a mixed OS domain? The
server running IIS is W2K right now.

Many thanks,

Jason.

 

[Paul Clement]

On Wed, 27 Jul 2005 08:08:33 GMT, (e-mail address removed) (Jason James) wrote:

¤ Hi all,
¤
¤ I am developing an ASP.NET app that will be deployed
¤ into a mixed NT4 & W2K domain. The PDC is running NT4
¤ (I know we should have upgraded by now and it is on the
¤ cards but this is what I have to work with).
¤
¤ On my development machine I have an ASPNET user
¤ that I assume is my annonymous user, but this user
¤ is not present in the domain! Do I need an ASPNET user
¤ in the domain?
¤

No, it's a local restricted account and the default account under which the thread of your ASP.NET
application executes when not implementing impersonation (the default). This account is not the same
as the Anonymous accounts IUSR_<machinename> and IWAM_<machinename>.


¤ Can I use the authentication of the user instead on an
¤ annonymous user as this is an Intranet app to detetmine
¤ which server and network resources are available? How
¤ do I do this?
¤

Yes, you can enable impersonation for access to local (web server) resources when using
authenticated (Basic, Digest, Integrated NT) security:

http://msdn.microsoft.com/library/d...-us/cpguide/html/cpconaspnetimpersonation.asp

If you need to delegate security to access remote resources then see the following:

http://msdn.microsoft.com/library/d...y/en-us/vsent7/html/vxconaspnetdelegation.asp


Paul
~~~~
Microsoft MVP (Visual Basic)

 

[Jason L James]

Paul,

thanks for the info. I'll take a look at the links right now.

No, it's a local restricted account and the default account under which the thread of your ASP.NET
application executes when not implementing impersonation (the default). This account is not the same
as the Anonymous accounts IUSR_<machinename> and IWAM_<machinename>.

Can you please provide me with an explanation of the differences
between the two user accounts you name above, and what each
is used for, when it is used and by what process?

Many thanks,

Jason.

 

[Paul Clement]

¤ Paul,
¤
¤ thanks for the info. I'll take a look at the links right now.
¤
¤ >No, it's a local restricted account and the default account under which the thread of your ASP.NET
¤ >application executes when not implementing impersonation (the default). This account is not the same
¤ >as the Anonymous accounts IUSR_<machinename> and IWAM_<machinename>.
¤
¤ Can you please provide me with an explanation of the differences
¤ between the two user accounts you name above, and what each
¤ is used for, when it is used and by what process?

The IUSR_<machinename> account is the default identity used for IIS (low protection) in-process web
applications, while the IWAM_<machinename> account is the identity used for IIS (medium or higher)
out-of-process pooled web applications (running under their own DLLHost process).


Paul
~~~~
Microsoft MVP (Visual Basic)

 

[Jason L James]

Paul,

many thanks,

Jason.