Machine.Config -- ProcessModel vs Impersonation

[Wm. Scott Miller]

What is the difference between using a username and password in the
processmodel section vs using one in impersonation in the machine.config
file? What are the advantages of each and what are the usages of each?

Thanks for any replies,
Scott

[Ken Schaefer]

Hi,

You do not get a choice between which to use. :-)

If you configure impersonation, then that is the account that will be
"impersonated" by ASP.NET for the purpose of accessing resources. Otherwise,
it will use the process identity. The process identity is ASPNET for v1.0 on
Windows 2000, and IWAM_<machinename> for v1.1 on Windows 2000, and the Web
App Pool's identity on Windows 2003. If these defaults are fine, then there
is no reason to change them.

Cheers
Ken


"Wm. Scott Miller" <Scott.Miller@spam.killer.wvinsurance.gov> wrote in
message news:%23vTV74lQEHA.2248@TK2MSFTNGP12.phx.gbl...
: So which would be better to use for database access? Both work for what
I'm
: doing, but I'm concerned because I'm new to ASP.NET. Which is better for
: this type of thing? What are the advantages and disadvanages of each one
in
: relation to database access and network share access etc? What I'm most
: confused about is both appear to work for both of my needed tasks, so why
: have two ways to do it? Are there real advantages and disadvantages to
each
: or are they equivalent?
:
: From what I understand, both would be of no consequence should the machine
: become compromised, even when using the "secure" ASPNET_SETREG utility to
: store the Identity information and the integrated IIS 6.0 worker process
: username/password pair (or using the same utility for IIS 5.x in the
: ProcessModel section of the machine.config). Reason is that these are
: stored using encryption based on the machine. Once you are in the
machine,
: you can decrypt from the registry.
:
: So which one makes it most secure/more difficult to crack?
:
: Thanks for the reply!
:
: Scott
:
: "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
: news:eGwMhqgQEHA.964@TK2MSFTNGP10.phx.gbl...
: > ProcessModel is the identity of the process itself (eg the aspnetwp.exe
: > process)
: >
: > Impersonation is the account that should be used (Impersonated) by
ASPNET
: to
: > access resources (eg read an .aspx file off the hard disk)when requests
: come
: > in.
: >
: > Cheers
: > Ken
: >
: > "Wm. Scott Miller" <Scott.Miller@spam.killer.wvinsurance.gov> wrote in
: > message news:Onp53gaQEHA.640@TK2MSFTNGP09.phx.gbl...
: > : What is the difference between using a username and password in the
: > : processmodel section vs using one in impersonation in the
machine.config
: > : file? What are the advantages of each and what are the usages of
each?
: > :
: > : Thanks for any replies,
: > : Scott
: > :
: > :
: >
: >
:
: