
custom account for ASP.NET worker process - ASP.NET Security


  1. #1

    custom account for ASP.NET worker process

    Hi
    I have created a least privileged a/c by following what the ASP.NET security
    doc, secmod15, suggested. Then I tried to load the login.aspx page again,
    and this time I get
    HTTP 401.1 - Unauthorized: Logon Failed

    I have checked the event logs. Under System Log I found the related error,
    it says
    The server was unable to logon the Window NT account <the_custom_a/c> due to
    the following error: Logon failure: the user has not been granted the
    requested logon type at this computer. The data is the error code.
    Data (if Words is selected) : 00000569.

    I have double checked and could not figure out yet! Can anyone advise on
    this please?!

    TIA
    --



    Guest

  2. #2

    Re: custom account for ASP.NET worker process

    Hello dl,

    have you put the account into IIS_WPG?? i assume the "logon as a service"
    priv is missing - but you normally get this by adding the account to this
    group.

    also - an undocumented fact is : IIS caches the token for the WP - if you
    change settings of the account (groups, privs) after you configured the AppPool
    you have to "iisreset".

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com
     



    Dominick Guest

  3. #3

    Re: custom account for ASP.NET worker process

    Hi Dominick
    What is IIS_WPG, I couldn't find it anywhere, by the way I am using win2000
    server. But I did assign logon as a service to the custom account.
    How to do an iisreset? Do you mean to redefine the application again?

    TIA



    Guest

  4. #4

    Re: custom account for ASP.NET worker process

    Hello dl,

    ah - IIS5 - well - that's too long ago :))

    no honestly - i really recommend upgrading to IIS6.

    In IIS5 you are limited to a single worker process account which is a security
    nightmare.

    Have you tried enabling auditing for logon events to see what the reason
    could be?

    what does your <processModel> element look like?

    iisreset is a command line tool which restarts w3svc.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com
     



    Dominick Guest

  5. #5

    Re: custom account for ASP.NET worker process

    Hi Dominick
    I have no choice, as my user would not want to go for Windows Server 2003
    just yet! For now, there will only be one application running under this
    server so, I guess IIS5 is sufficient for now.
    Also, I am running on a domain controller, I guess the auditing needs to be
    enabled using the "domain controller security policy" module, and after that
    do I just read it from event viewer or is there any log file I need to open?
    Thanks



    Guest

  6. #6

    Re: custom account for ASP.NET worker process

    Hello dl,

    generally - i wouldn't recommend running on a DC - but technically it is
    possible of course.

    Yes - it is in the security log - use Event Viewer for that.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com
     



    Dominick Guest
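
The data value 00000569 in the first post is hex for Win32 error 1385 (ERROR_LOGON_TYPE_NOT_GRANTED), so the thing to verify is which logon rights the custom account effectively holds, including through groups and Deny entries. The following is an added example, not code from any poster in this thread: it audits a user-rights export for that account. The account name `aspnet_custom`, the sample INF text and the `REQUIRED` checklist are assumptions made for illustration.

```python
# Added example (not from the thread). The INF text is constructed sample data
# in the format written by: secedit /export /cfg rights.inf /areas USER_RIGHTS
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeBatchLogonRight = *S-1-5-32-544
SeServiceLogonRight = aspnet_custom
SeDenyInteractiveLogonRight = aspnet_custom
[Version]
signature="$CHICAGO$"
"""

# Assumed checklist: logon rights a worker-process account is expected to hold.
REQUIRED = ("SeNetworkLogonRight", "SeBatchLogonRight", "SeServiceLogonRight")


def parse_privilege_rights(inf_text):
    """Return {right: set of lower-cased principals} from [Privilege Rights]."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            members = {m.strip().lstrip("*").lower() for m in value.split(",")}
            rights[name.strip()] = members - {""}
    return rights


def check_account(rights, principals):
    """principals: the account plus every group name/SID it belongs to."""
    who = {p.lower() for p in principals}
    missing = [r for r in REQUIRED if not rights.get(r, set()) & who]
    # A Deny right overrides the matching grant, e.g. SeDenyBatchLogonRight.
    denied = [r.replace("SeDeny", "Se", 1) for r in sorted(rights)
              if r.startswith("SeDeny") and rights[r] & who]
    blocking = [r for r in denied if r in REQUIRED]
    return {"missing": missing, "blocking_denies": blocking}


if __name__ == "__main__":
    report = check_account(parse_privilege_rights(SAMPLE_INF),
                           ["aspnet_custom", "S-1-1-0"])  # account + Everyone
    print(report)
```

Export the rights on the machine that logs the error and rerun the check after any policy change; as noted in the second post, IIS also has to be restarted before it picks up the changed account settings.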
