

Question: How do I create a service account for running my ASP.NET applications?

Answer:

* Create a Windows account
* Run the following aspnet_regiis.exe command to assign the relevant ASP.NET permissions to the account:
    aspnet_regiis.exe -ga machineName\userName

On Windows 2003, running the aspnet_regiis.exe -ga command adds the account to the IIS_WPG group. The IIS_WPG group provides the Log on as a batch job permission and ensures that the necessary file system permissions are granted.
Note: At the time of this writing, the aspnet_regiis -ga command on .NET Framework 2.0 beta 2 does not add the account to the IIS_WPG group and this must be done manually. The release version of the .NET Framework 2.0 will fix this issue and the account will be added to the IIS_WPG group.
* Use the Local Security Policy tool to grant the Windows account the Deny logon locally user right. This reduces the privileges of the account and prevents anyone from logging on to Windows locally with this account.
* Use IIS Manager to create an application pool running under the new account's identity and assign your ASP.NET application(s) to this pool.
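
The steps above as a command-prompt script, including a check for the IIS_WPG membership that the note says may be missing. This is an added example, not part of the original FAQ. It assumes a hypothetical account name (svcAspNetApp), the default install path of the released .NET Framework 2.0, and ntrights.exe from the Windows Server 2003 Resource Kit as a command-line alternative to the Local Security Policy tool.

```batch
@echo off
rem Added example: run from an administrator command prompt on the web server.
setlocal
rem Hypothetical account name; change it to match your naming scheme.
set ACCT=svcAspNetApp
rem Assumed default location of the released .NET Framework 2.0 tools.
set REGIIS=%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe

rem Step 1: create the local Windows account. The "*" makes net user prompt
rem for the password, so it is never stored in this script.
net user %ACCT% * /add /comment:"ASP.NET application pool identity"
if errorlevel 1 goto :fail

rem Step 2: assign the relevant ASP.NET permissions to the account.
"%REGIIS%" -ga %COMPUTERNAME%\%ACCT%
if errorlevel 1 goto :fail

rem Check that the account ended up in IIS_WPG. On .NET Framework 2.0 beta 2
rem the -ga switch does not do this, so add the membership manually.
net localgroup IIS_WPG | findstr /i /x /c:"%ACCT%" >nul
if errorlevel 1 (
    echo %ACCT% is not a member of IIS_WPG, adding it manually.
    net localgroup IIS_WPG %ACCT% /add
)

rem Step 3: grant "Deny logon locally" (SeDenyInteractiveLogonRight).
rem ntrights.exe is a Resource Kit tool and may not be installed.
ntrights.exe +r SeDenyInteractiveLogonRight -u %ACCT%
if errorlevel 1 echo Grant "Deny logon locally" with the Local Security Policy tool instead.

rem Step 4 is done in IIS Manager: create an application pool that runs
rem under %COMPUTERNAME%\%ACCT% and assign the application(s) to it.
echo Account %ACCT% prepared. Create the application pool in IIS Manager.
goto :eof

:fail
echo Setup of %ACCT% failed, review the error above.
exit /b 1
```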

More Information

For more information on creating secure accounts for your ASP.NET applications, see “How To: Create a service account for an ASP.NET 2.0 application” at http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000009.asp

