Identity of asp_wp.exe

Explore Related Content On ".Net Technology"

• Hot Articles & Questions on ".Net Technology"
• Identity mapper
• Identity mapper
• Identity mapper
• identity impersonation definition in web.config
• Identity Impersonate problem
• Identity impersonate not working
• Identity Impersonate - Multithreading?
• identity impersonate
• identity constraint not declare..Help~
• Identifying XML schema validation errors in.NET 2.0

• Open Articles & Questions on ".Net Technology"
• Identity issues with dataset
• Identity Impersonation question.
• identity impersonation & redirection
• identity impersonate
• identity impersonate
• identity impersonate
• identity element on DC not allowed
• Identity delegation problem
• Identity delegation problem
• Identifying visitor that browses & keeping track of the visitors unique shopping cart

All Comments

Leave a comment...

• 3 Comments
• • 
  • re:

    !> Unfortunately, the method of changing asp_wp.exe identity described on

    !> http://msdn2.microsoft.com/en-us/library/dwc1xthy(vs.80).aspx does not work.

    Yes, it does work. I've helped many people set up accounts using those instructions.

    You can safely ignore the Application Pool instructions, since W2K doesn't use them.

    re:

    > How can I change the identity of asp_wp.exe (Asp.Net 2.0) process on Windows 2000 Server from

    > ASPNET to LocalSystem?

    Are you sure you don't mean the SYSTEM account ?

    Besides impersonating the user, per the article :

    <system.web>

    <processModel enable="true"

    userName="System" />

    </system.web>

    The "System" account doesn't need a password.

    Also, that only works in machine.config, not in web.config.

    I'd avoid impersonating the ASP.NET process account in machine.config.

    You should do it, for a particular application, in web.config :

    <identity impersonate="true" userName="accountname" password="password" />

    See:

    http://support.microsoft.com/default.aspx/kb/306158

    Additionally, run

    aspnet_regiis -ga "MachineName\Account"

    Additionally, make sure the following ACLs are set :

    http://msdn2.microsoft.com/en-us/library/kwzs111e(VS.80).aspx

    Also, you don't have to run ASP.NET as the SYSTEM account. In fact, you should *avoid* it.

    You can run ASP.NET as *any* account you want to, provided you assign the correct permissions.

    If you want to go that way ( and you should ), follow the instructions at :

    http://msdn2.microsoft.com/en-us/library/ms998297.aspx

    ...*and* run the steps detailed above.

    Juan T. Llibre, asp.net MVP

    asp.net faq : http://asp.net.do/faq/

    foros de asp.net, en espaol : http://asp.net.do/foros/

    ===================================

    "Przemo Karlikowski" <karlik.remove.this.dotnet-tech.itags.org.post.pl> wrote in message

    news:OV3JxjBjHHA.4624.dotnet-tech.itags.org.TK2MSFTNGP03.phx.gbl...

    > Hello!

    > How can I change the identity of asp_wp.exe (Asp.Net 2.0) process on Windows 2000 Server from

    > ASPNET to LocalSystem?

    > I want to do it to bypass SeTcbPrivelege privelege problem.

    > Unfortunately, the method of changing asp_wp.exe identity described on

    > http://msdn2.microsoft.com/en-us/library/dwc1xthy(vs.80).aspx does not work.

    > Thank you in advance.

    >

    #1; Sun, 01 Jun 2008 12:11:00 GMT
• • 
  • I already had it in my machine.config:

    <system.web>

    <processModel enable="true" userName="System" />

    </system.web>

    I also ran

    aspnet_regiis -ga SYSTEM

    But instead of killing aspnet_wp.exe I should have restarted whole IIS and

    that was the issue.

    Now it works.

    I'm writing Asp.Net application that manages Windows accounts, and for

    several reasons it needs to run on System account.

    At least on Windows 2000.

    "Juan T. Llibre" <nomailreplies.dotnet-tech.itags.org.nowhere.com> wrote in message

    news:%23j5Uj4BjHHA.4064.dotnet-tech.itags.org.TK2MSFTNGP02.phx.gbl...

    > re:

    > !> Unfortunately, the method of changing asp_wp.exe identity described on

    > !> http://msdn2.microsoft.com/en-us/library/dwc1xthy(vs.80).aspx does not

    > work.

    > Yes, it does work. I've helped many people set up accounts using those

    > instructions.

    > You can safely ignore the Application Pool instructions, since W2K doesn't

    > use them.

    > re:

    > Are you sure you don't mean the SYSTEM account ?

    > Besides impersonating the user, per the article :

    > <system.web>

    > <processModel enable="true"

    > userName="System" />

    > </system.web>

    > The "System" account doesn't need a password.

    > Also, that only works in machine.config, not in web.config.

    > I'd avoid impersonating the ASP.NET process account in machine.config.

    > You should do it, for a particular application, in web.config :

    > <identity impersonate="true" userName="accountname" password="password" />

    > See:

    > http://support.microsoft.com/default.aspx/kb/306158

    > Additionally, run

    > aspnet_regiis -ga "MachineName\Account"

    > Additionally, make sure the following ACLs are set :

    > http://msdn2.microsoft.com/en-us/library/kwzs111e(VS.80).aspx

    > Also, you don't have to run ASP.NET as the SYSTEM account. In fact, you

    > should *avoid* it.

    > You can run ASP.NET as *any* account you want to, provided you assign the

    > correct permissions.

    > If you want to go that way ( and you should ), follow the instructions at

    > :

    > http://msdn2.microsoft.com/en-us/library/ms998297.aspx

    > ...*and* run the steps detailed above.

    >

    >

    > Juan T. Llibre, asp.net MVP

    > asp.net faq : http://asp.net.do/faq/

    > foros de asp.net, en espaol : http://asp.net.do/foros/

    > ===================================

    #2; Sun, 01 Jun 2008 12:12:00 GMT
• • 
  • re:

    > Now it works.

    Good news.

    re:

    !>I already had it in my machine.config:

    !> I'm writing Asp.Net application that manages Windows accounts, and for

    !> several reasons it needs to run on System account.

    As long as you understand that, by putting that in machine.config,

    *all* the applications which run on that server will run as the System account.

    Juan T. Llibre, asp.net MVP

    asp.net faq : http://asp.net.do/faq/

    foros de asp.net, en espaol : http://asp.net.do/foros/

    ===================================

    "Przemo Karlikowski" <karlik.remove.this.dotnet-tech.itags.org.post.pl> wrote in message

    news:%23e02SbDjHHA.4520.dotnet-tech.itags.org.TK2MSFTNGP02.phx.gbl...

    >I already had it in my machine.config:

    > <system.web>

    > <processModel enable="true" userName="System" />

    > </system.web>

    > I also ran

    > aspnet_regiis -ga SYSTEM

    > But instead of killing aspnet_wp.exe I should have restarted whole IIS and that was the issue.

    > Now it works.

    > I'm writing Asp.Net application that manages Windows accounts, and for several reasons it needs to

    > run on System account.

    > At least on Windows 2000.

    [vbcol=seagreen]

    > "Juan T. Llibre" <nomailreplies.dotnet-tech.itags.org.nowhere.com> wrote in message

    > news:%23j5Uj4BjHHA.4064.dotnet-tech.itags.org.TK2MSFTNGP02.phx.gbl...

    >

    #3; Sun, 01 Jun 2008 12:13:00 GMT