Getting Started (.Net)


Getting Started (.NET Framework)


1. Create New Local Account:

1.                  Create a local account (for example, “CustomASPNET”)

2.                  Make sure you use a strong password for the account.

3.                  Clear the User must change password at next logon option.

4.                  Select the Password never expires option.

2. Assign Minimum Privileges:

This procedure assigns the minimum set of privileges necessary to run ASP.Net.

  1. From the Administrative Tools programs group, start the Local Security Policy tool.
  2. Expand Local Policies, and then select User Rights Assignment.
    A list of privileges is displayed in the right pane.
  3. Assign the following privileges to the new account:
    • Access the computer from the network
    • Deny logon locally
    • Log on as a batch job
    • Log on as a service

Note To assign a privilege to an account, double-click the privilege, and the click Add to select the required account.

Close the tool.

3. Assign NTFS Permissions:

This procedure grants the custom ASP.Net account required NTFS permissions within the local file system.

Note The steps in this procedure apply to the file system on the Web server (and not a remote computer, where you may be duplicating the account, for network authentication purposes).


Assigning NTFS permissions

Start Windows Explorer and assign the appropriate permissions to the folders specified in [Table #1].

Note To change permissions in Windows Explorer, Right click the folders in Windows Explorer, click the Properties menu option, and select the Security tab. To apply changes to child objects click the Advanced button on the properties dialog box, and select the option Replace permission entries on all child objects with entries shown here that apply to child objects. Click OK on the Advanced Security Setting dialog box, and then click Apply, or OK.

4. Configure ASP.Net to Run Using the New Account

This procedure edits the machine.config to configure ASP.NET to run using the new account.


To Configure ASP.NET to run using the new account

1. Open machine.config using Visual Studio.Net or Notepad.
Machine.config is located in the following folder:


2. Locate the <processModel> element and set the user name and password attributes to match your new custom account.

Default: <!—username=”machine” password=”AutoGenerate” -- >

Becomes: <!—username=”CustomASPNET” password=”YourStrongPassword” -- >

3. Save  the changes to machine.config

Note With the current release of the .NET Framework, there is no way to avoid storing the password in clear text. While storing clear text credentials is not recommended, the machine.config file is considered more secure because it is located outside the Web space. You should secure machine.config against unnecessary access by using an appropriately configured ACL.

In Windows Server 2003, the credentials will be encrypted for greater protection.

Also Read Internet Information Server (IIS) Setup with .Net



Getting Started(.Net)-IIS


Copyright © 2003, 1991 - 2002




Last Updated 06/30/2004