
.NET Forum / ASP.NET / Web Services / March 2006


App pool identity

Marc Gravell - 24 Mar 2006 11:47 GMT
I want to run a web-service under a custom (least required privileged, but
with /some/ access) account - but all I get is service unavailable;

I have
* Created a new account
* Enabled logon as a service
* Added to the IIS_WPG group
* Ensured account has access to the relevant file system (read, list,
execute)
* Configured the app-pool to use the account

This doesn't fix it; even adding to the local administrators group doesn't
help! However, running as the local administrator account *does* work.

So! Any idea what step I have missed?

Marc
Pandurang Nayak - 24 Mar 2006 20:45 GMT
I don't really know what the problem is at your end. But the general practice
is to use either Anonymous Access or Windows Authentication to a web service.

In your case, you are trying to use a different account because you want to
restrict that account to some files you're accessing on the file system. For
that, in the code that does the file system interaction, impersonate the user
account you created and use that account while reading/accessing the files.

That way, client to WS access remains with the IIS defaults and WS to file
access is controlled by the rights you have defined.

That might be a design you want to consider - relatively simpler to
configure and even simpler to maintain if you wanted to move servers,
etc.

Regards,
Pandurang

Signature

blog: www.thinkingMS.com/pandurang

> I want to run a web-service under a custom (least required privileged, but
> with /some/ access) account - but all I get is service unavailable;
[quoted text clipped - 13 lines]
>
> Marc
Marc Gravell - 27 Mar 2006 10:43 GMT
Thank you for the input;

> In your case, you are trying to use a different account because you want
> to
> restrict that account to some files you're accessing on the file system
Actually, no we aren't; this is nothing to do with access to files (although
we are using the identity to provide access to the database, but that's a
few steps past the "Service Unavailable" failure).

All we are doing here is assigning identity to the app-pool to achieve a:
true application-isolation, b: allow for trusted access to the database, and
c: move the credentials outside of the visibility of the web application
(specifically, outside of web.config; even encrypted, the details are
transparent to anything inside the application).

Note that this should (by all accounts) work just fine; it has worked on
every server we have tried, and now it is failing as we attempt to implement
on the live system (d'oh!). Obviously something is breaking it, but we don't
know what (yet); a vanilla install with all patches, changes etc works fine.

Marc

>I don't really know what the problem is at your end. But the general
>practice
[quoted text clipped - 39 lines]
>>
>> Marc
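
What point (c) in the post above is meant to avoid, as an added example (not code from anyone in this thread): a Python check over a constructed web.config that flags SQL-login passwords in connection strings and an `<identity>` impersonation password, while accepting `Integrated Security=SSPI`, which relies on the app-pool account. The sample file, server names and account names are made up.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config; names, servers and passwords are made up.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <add name="Orders" connectionString="Data Source=db01;Initial Catalog=Orders;Integrated Security=SSPI" />
    <add name="Legacy" connectionString="Server=db01;Database=Legacy;User ID=webapp;Password=example-only" />
  </connectionStrings>
  <system.web>
    <identity impersonate="true" userName="CORP\\svc_files" password="example-only" />
  </system.web>
</configuration>"""

SECRET_KEYS = {"password", "pwd"}
TRUSTED_KEYS = {"integrated security", "trusted_connection"}
TRUSTED_VALUES = {"sspi", "true", "yes"}

def parse_connection_string(text):
    """Split 'key=value;key=value' into a dict with lower-cased keys.
    Simplification: quoted values containing ';' are not handled."""
    pairs = {}
    for part in text.split(";"):
        key, sep, value = part.partition("=")
        if sep and key.strip():
            pairs[key.strip().lower()] = value.strip()
    return pairs

def audit_web_config(xml_text):
    """Return (location, finding) tuples for credentials stored in the config."""
    root = ET.fromstring(xml_text)
    findings = []
    for add in root.iterfind("./connectionStrings/add"):
        name = add.get("name", "?")
        pairs = parse_connection_string(add.get("connectionString", ""))
        trusted = any(pairs.get(k, "").lower() in TRUSTED_VALUES for k in TRUSTED_KEYS)
        if SECRET_KEYS.intersection(pairs):
            findings.append((f"connectionStrings/{name}", "embedded password"))
        elif not trusted:
            findings.append((f"connectionStrings/{name}", "no trusted connection"))
    # <identity ... password="..."> keeps the impersonated account's secret in the file.
    for ident in root.iter("identity"):
        if ident.get("password") is not None:
            findings.append(("system.web/identity", "impersonation password"))
    return findings

if __name__ == "__main__":
    for location, finding in audit_web_config(SAMPLE_WEB_CONFIG):
        print(f"{location}: {finding}")
```
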
Marc Gravell - 27 Mar 2006 16:40 GMT
For reference, I have found the answer to this... you simply [sic] uninstall
and reinstall IIS on each and every server... ;-/

Marc

>I want to run a web-service under a custom (least required privileged, but
>with /some/ access) account - but all I get is service unavailable;
[quoted text clipped - 13 lines]
>
> Marc
