Board index » Web Programming » Application Pools and impersonation in web.config

Thato

Application Pools and impersonation in web.config

Web Programming136
Hi,



We currently have a web based application that works and is runnnig under

IIS 6.0 and has a domain account and password defined in web.config with

impersonation turned on. The website is linked to an application pool that

runs under an identity of 'network service'. We would like to remove the

username and password entries from web.config and instead use this account as

the identity for the aplication pool instead. We have tried this and found

that it doesn't work.



This web.config account is a member of IIS_WPG. How can we setup the

application pool to use the web.config account and remove the password

entries from web.config?


-
 
David

Registered User

Wed Oct 11 21:46:47 CDT 2006

Re:Application Pools and impersonation in web.config

Can you clarify what exactly is not working?



Is the application pool not accepting the provided username/password

(i.e. Application Pool fails to start) - this will have event log

messages detailing what is wrong.



Is the application not using the process identity to perform its task.

With an ASP.Net application, turn off impersonation and it should be

running code as the process identity.



Or is it something else.





//David

w3-4u.blogspot.com">w3-4u.blogspot.com

//



Asit wrote:

Quote
Hi,



We currently have a web based application that works and is runnnig under

IIS 6.0 and has a domain account and password defined in web.config with

impersonation turned on. The website is linked to an application pool that

runs under an identity of 'network service'. We would like to remove the

username and password entries from web.config and instead use this account as

the identity for the aplication pool instead. We have tried this and found

that it doesn't work.



This web.config account is a member of IIS_WPG. How can we setup the

application pool to use the web.config account and remove the password

entries from web.config?



-
Asit

Registered User

Wed Oct 11 22:07:01 CDT 2006

Re:Application Pools and impersonation in web.config

The application pool is accepting the use name and is starting. If I set

impersonation to false and remove the username and password from web.config,

and instead use these credentials under the application pool, I get a HTTP

error 401.1 when running the application,







"David Wang" wrote:



Quote
Can you clarify what exactly is not working?



Is the application pool not accepting the provided username/password

(i.e. Application Pool fails to start) - this will have event log

messages detailing what is wrong.



Is the application not using the process identity to perform its task.

With an ASP.Net application, turn off impersonation and it should be

running code as the process identity.



Or is it something else.





//David

w3-4u.blogspot.com">w3-4u.blogspot.com

//



Asit wrote:

>Hi,

>

 >We currently have a web based application that works and is runnnig under

>IIS 6.0 and has a domain account and password defined in web.config with

>impersonation turned on. The website is linked to an application pool that

>runs under an identity of 'network service'. We would like to remove the

>username and password entries from web.config and instead use this account as

>the identity for the aplication pool instead. We have tried this and found

>that it doesn't work.

>

 >This web.config account is a member of IIS_WPG. How can we setup the

>application pool to use the web.config account and remove the password

>entries from web.config?





-

David

Registered User

Wed Oct 11 22:15:56 CDT 2006

Re:Application Pools and impersonation in web.config

What authentication protocol is used when you make a request to the

application that returns 401.1.



blogs.msdn.com/david.wang/archive/2005/07/14/HOWTO_Diagnose_IIS_401_Access_Denied.aspx">blogs.msdn.com/david.wang/archive/2005/07/14/HOWTO_Diagnose_IIS_401_Access_Denied.aspx





//David

w3-4u.blogspot.com">w3-4u.blogspot.com

//



Asit wrote:

Quote
The application pool is accepting the use name and is starting. If I set

impersonation to false and remove the username and password from web.config,

and instead use these credentials under the application pool, I get a HTTP

error 401.1 when running the application,







"David Wang" wrote:



>Can you clarify what exactly is not working?

>

 >Is the application pool not accepting the provided username/password

>(i.e. Application Pool fails to start) - this will have event log

>messages detailing what is wrong.

>

 >Is the application not using the process identity to perform its task.

>With an ASP.Net application, turn off impersonation and it should be

>running code as the process identity.

>

 >Or is it something else.

>

 >

 >//David

>w3-4u.blogspot.com">w3-4u.blogspot.com

>//

>

 >Asit wrote:

>>Hi,

>>

 >>We currently have a web based application that works and is runnnig under

>>IIS 6.0 and has a domain account and password defined in web.config with

>>impersonation turned on. The website is linked to an application pool that

>>runs under an identity of 'network service'. We would like to remove the

>>username and password entries from web.config and instead use this account as

>>the identity for the aplication pool instead. We have tried this and found

>>that it doesn't work.

>>

 >>This web.config account is a member of IIS_WPG. How can we setup the

>>application pool to use the web.config account and remove the password

>>entries from web.config?

>

 >

-
Asit

Registered User

Wed Oct 11 22:43:02 CDT 2006

Re:Application Pools and impersonation in web.config

We are using Windows Integrated authentication



"David Wang" wrote:



Quote
What authentication protocol is used when you make a request to the

application that returns 401.1.



blogs.msdn.com/david.wang/archive/2005/07/14/HOWTO_Diagnose_IIS_401_Access_Denied.aspx">blogs.msdn.com/david.wang/archive/2005/07/14/HOWTO_Diagnose_IIS_401_Access_Denied.aspx





//David

w3-4u.blogspot.com">w3-4u.blogspot.com

//



Asit wrote:

>The application pool is accepting the use name and is starting. If I set

>impersonation to false and remove the username and password from web.config,

>and instead use these credentials under the application pool, I get a HTTP

>error 401.1 when running the application,

>

 >

 >

 >"David Wang" wrote:

>

 >>Can you clarify what exactly is not working?

>>

 >>Is the application pool not accepting the provided username/password

>>(i.e. Application Pool fails to start) - this will have event log

>>messages detailing what is wrong.

>>

 >>Is the application not using the process identity to perform its task.

>>With an ASP.Net application, turn off impersonation and it should be

>>running code as the process identity.

>>

 >>Or is it something else.

>>

 >>

 >>//David

>>w3-4u.blogspot.com">w3-4u.blogspot.com

>>//

>>

 >>Asit wrote:

>>>Hi,

>>>

 >>>We currently have a web based application that works and is runnnig under

>>>IIS 6.0 and has a domain account and password defined in web.config with

>>>impersonation turned on. The website is linked to an application pool that

>>>runs under an identity of 'network service'. We would like to remove the

>>>username and password entries from web.config and instead use this account as

>>>the identity for the aplication pool instead. We have tried this and found

>>>that it doesn't work.

>>>

 >>>This web.config account is a member of IIS_WPG. How can we setup the

>>>application pool to use the web.config account and remove the password

>>>entries from web.config?

>>

 >>



-
David

Registered User

Thu Oct 12 05:38:57 CDT 2006

Re:Application Pools and impersonation in web.config

I believe you are seeing a classic misconfiguration with Integrated

Authentication, Domain machine, and custom Application Pool Identity

that is named in the blog entry.



//David

w3-4u.blogspot.com">w3-4u.blogspot.com

//



Asit wrote:

Quote
We are using Windows Integrated authentication



"David Wang" wrote:



>What authentication protocol is used when you make a request to the

>application that returns 401.1.

>

 >blogs.msdn.com/david.wang/archive/2005/07/14/HOWTO_Diagnose_IIS_401_Access_Denied.aspx">blogs.msdn.com/david.wang/archive/2005/07/14/HOWTO_Diagnose_IIS_401_Access_Denied.aspx

>

 >

 >//David

>w3-4u.blogspot.com">w3-4u.blogspot.com

>//

>

 >Asit wrote:

>>The application pool is accepting the use name and is starting. If I set

>>impersonation to false and remove the username and password from web.config,

>>and instead use these credentials under the application pool, I get a HTTP

>>error 401.1 when running the application,

>>

 >>

 >>

 >>"David Wang" wrote:

>>

 >>>Can you clarify what exactly is not working?

>>>

 >>>Is the application pool not accepting the provided username/password

>>>(i.e. Application Pool fails to start) - this will have event log

>>>messages detailing what is wrong.

>>>

 >>>Is the application not using the process identity to perform its task.

>>>With an ASP.Net application, turn off impersonation and it should be

>>>running code as the process identity.

>>>

 >>>Or is it something else.

>>>

 >>>

 >>>//David

>>>w3-4u.blogspot.com">w3-4u.blogspot.com

>>>//

>>>

 >>>Asit wrote:

>>>>Hi,

>>>>

 >>>>We currently have a web based application that works and is runnnig under

>>>>IIS 6.0 and has a domain account and password defined in web.config with

>>>>impersonation turned on. The website is linked to an application pool that

>>>>runs under an identity of 'network service'. We would like to remove the

>>>>username and password entries from web.config and instead use this account as

>>>>the identity for the aplication pool instead. We have tried this and found

>>>>that it doesn't work.

>>>>

 >>>>This web.config account is a member of IIS_WPG. How can we setup the

>>>>application pool to use the web.config account and remove the password

>>>>entries from web.config?

>>>

 >>>

 >

 >

-