ASPNET account

[Nikhil Patel]

Hi all,
I have written a web application that connects to Sql Server. I am using
Windows Authentication with ASPNET local account. Do you think I should
explicitly set the password for ASPNET or should I just let it generate
automatically?

NOTE: I am not sure whether the web server and database server will be on
the same machine when we deploy. Most likely they will be on the same
machine. In that case, I guess, I can let it generate the password
automatically for ASPNET account. But do I have to set the password if the
web and database servers are on different machines?

Thanks.
-Nikhil

 

[Scott Allen]

Hi Nikhil:

Letting the runtime generate and manage the password is the easiest
and least error prone solution.

If SQL Server is on a seperate machine, and you want to use the ASPNET
account, then yes, one of the option available is to create an ASPNET
account on the database server and manually set the passwords so they
are identical. Another option is to run the asp.net worker process
under a domain account with access to SQL Server.

 

[Nikhil Patel]

Hi Scott,
Thanks for your reply.One more question - Do you think impersonating
domain account would be a better solution than running asp.net worker
process under a domain account?

Thanks.

 

[Scott Allen]

Hi Nikhil:

Either one would work (as long as you are talking about impersonation
using a username and password in web.config, not just setting
impersonate="true" in web.config).

In my experience, using local machine accounts can be a little more
robust. Network admins have a tendancy to do things to break domain
accounts - like expiring passwords and such. I've always tried to
stick to local accounts - but then I've had a lot of clients with
screwed up domains.