IIS and Visual Web Developer

[MikeR]

I've been playing with MS Visual Web Developer Beta, and in trying to get it configured to
work with my local web running IIS V5.1 (with SE, and SE2002) on an XP Pro box, came
across something I haven't been able to solve.
I'm being prompted for a user name and pw, both from VWD and the IIS console. I don't know
what it's looking for.
The prompt from the IIS console occurs if I click any of the 2002 items listed on the All
Tasks dialog, and if I select Properties | Server Extensions 2002 | Settings.
No prompt for the non-2002 tasks/server extensions.

Will the VDB play nicely with my FP site, and what do I use for the user/pw ?
MikeR 1st

 

[clintonG]

It sounds like you are being asked for Windows credentials.
Are you an Administrator on XP and have your tried providing the same
credentials used to login to XP? Is that user account (you) added to the
directory where the local web is located? Have you added the ASPNET account
to that directory with RW permissions?

<%= Clinton Gallagher
METROmilwaukee (sm) "A Regional Information Service"
NET csgallagher AT metromilwaukee.com
URL http://metromilwaukee.com/
URL http://clintongallagher.metromilwaukee.com/

 

[MikeR]

Hi Clinton -
That's what it looks like to me too. I'm an admin on my box, but I don't login on any of
the 3 XP boxes here (and I like it like that). I don't recall ever setting a password.
ASPNET account? What's that?

The greatest curiosity is that from the IIS snapin, I can perform any of the tasks
associated with the default extensions, but not with the 2002/Sharepoint stuff.

MikeR 1st

 

[clintonG]

On XP Pro IIS 5.1 ASPNET is the user account for the DNF (.NET Framework)
On Windows Server 2003 IIS 6 the user account for the DNF is NETWORK SERVICE
often listed as NT AUTHORITY\NETWORK SERVICE.

We don't need to set a password for these user accounts but the DNF must
have read write access to the directory where an ASP.NET application runs.
The most common scenario being when we create the directories using Windows
Explorer and then copy .aspx files into the directory requires us to then
add the DNF user account to that directory.

<%= Clinton Gallagher

 

[Jim Cheshire]

On XP Pro IIS 5.1 ASPNET is the user account for the DNF (.NET
Framework) On Windows Server 2003 IIS 6 the user account for the DNF
is NETWORK SERVICE often listed as NT AUTHORITY\NETWORK SERVICE.

We don't need to set a password for these user accounts but the DNF
must have read write access to the directory where an ASP.NET
application runs. The most common scenario being when we create the
directories using Windows Explorer and then copy .aspx files into the
directory requires us to then add the DNF user account to that
directory.

The worker process account does not need write access, nor should it have
it. It only requires the default permissions which are Read and Execute,
List Folder Contents, and Read.

--
Jim Cheshire
JIMCO Software
http://www.jimcosoftware.com
http://www.jimcoaddins.com

The premiere add-in and software source
for Microsoft FrontPage.

 

[clintonG]

Q: How does an .asp/.aspx application write to a file in a directory that
was not the directory where the .asp/aspx application was executed?

A: write access is required

Q: How does an .asp/.aspx application write to a file in a directory that is
on a different share or machine than from where the .asp/aspx application
was executed?

A: write access is required

Are you saying those statements are incorrect?

<%= Clinton Gallagher
METROmilwaukee (sm) "A Regional Information Service"
NET csgallagher AT metromilwaukee.com
URL http://metromilwaukee.com/
URL http://clintongallagher.metromilwaukee.com/

 

[MikeR]

Clinton & Jim -
I apppreciate y'alls responses, but they're over my head. I'm missing some "start-up"
knowlege. I'll have to dig on the dot asp stuff.

I'm a bit more concerned I think about the extensions signon request, although any further
info on the beta ware is appreciated.

Miker 1st

 

[Jim Cheshire]

Q: How does an .asp/.aspx application write to a file in a directory
that was not the directory where the .asp/aspx application was
executed?
A: write access is required

Q: How does an .asp/.aspx application write to a file in a directory
that is on a different share or machine than from where the
.asp/aspx application was executed?

A: write access is required

Are you saying those statements are incorrect?

No. I'm saying that it is not correct to give the worker process account
that level of access.

--
Jim Cheshire
JIMCO Software
http://www.jimcosoftware.com
http://www.jimcoaddins.com

The premiere add-in and software source
for Microsoft FrontPage.

 

[clintonG]

Microsoft says this [1] about permissions (same is correct for IIS 5) and
user rights and there are other resources [2] which speak to this issue.
Note there are circumstances that require providing write access. I didn't
cover those circumstances.

search: "worker process"+"permissions"

<%= Clinton Gallagher
METROmilwaukee (sm) "A Regional Information Service"
NET csgallagher AT metromilwaukee.com
URL http://metromilwaukee.com/
URL http://clintongallagher.metromilwaukee.com/

[1] http://www.asp.net/faq/AspNetAndIIS6.aspx#3
[2]
http://www.denisbauer.com/weblog/NeededPermissionsForTheASPNETWorkerProcessUser.aspx

 

[Jim Cheshire]

Microsoft says this [1] about permissions (same is correct for IIS 5)
and user rights and there are other resources [2] which speak to this
issue. Note there are circumstances that require providing write
access. I didn't cover those circumstances.

search: "worker process"+"permissions"

<%= Clinton Gallagher
METROmilwaukee (sm) "A Regional Information Service"
NET csgallagher AT metromilwaukee.com
URL http://metromilwaukee.com/
URL http://clintongallagher.metromilwaukee.com/

[1] http://www.asp.net/faq/AspNetAndIIS6.aspx#3
[2]
http://www.denisbauer.com/weblog/NeededPermissionsForTheASPNETWorkerProcessUser.aspx

There are not situations that *require* the process account to have Write
access. As a best practice, the process account should always be treated as
a low-privileged account and should not have Write access to content. That
is why Rob put the huge CAUTION banner in red text.

As a matter of best practice, if you have code that requires Write access,
you should use code-level impersonation to execute that code and then revert
to a low-privileged account once the code has completed.

I don't need to search for info on this stuff. It's what I do for a living!


--
Jim Cheshire
JIMCO Software
http://www.jimcosoftware.com
http://www.jimcoaddins.com

The premiere add-in and software source
for Microsoft FrontPage.

 

[MikeR]

Anybody else?
MikeR 1st

 

[clintonG]

FWIW here is the official documentation [1]

<%= Clinton Gallagher
METROmilwaukee (sm) "A Regional Information Service"
NET csgallagher AT metromilwaukee.com
URL http://metromilwaukee.com/
URL http://clintongallagher.metromilwaukee.com/

[1]
http://support.microsoft.com/defaul...port/kb/articles/q317/0/12.asp&NoWebContent=1

Microsoft says this [1] about permissions (same is correct for IIS 5)
and user rights and there are other resources [2] which speak to this
issue. Note there are circumstances that require providing write
access. I didn't cover those circumstances.

search: "worker process"+"permissions"

<%= Clinton Gallagher
METROmilwaukee (sm) "A Regional Information Service"
NET csgallagher AT metromilwaukee.com
URL http://metromilwaukee.com/
URL http://clintongallagher.metromilwaukee.com/

[1] http://www.asp.net/faq/AspNetAndIIS6.aspx#3
[2]
http://www.denisbauer.com/weblog/NeededPermissionsForTheASPNETWorkerProcessUser.aspx

There are not situations that *require* the process account to have Write
access. As a best practice, the process account should always be treated
as a low-privileged account and should not have Write access to content.
That is why Rob put the huge CAUTION banner in red text.

As a matter of best practice, if you have code that requires Write access,
you should use code-level impersonation to execute that code and then
revert to a low-privileged account once the code has completed.

I don't need to search for info on this stuff. It's what I do for a
living!

--
Jim Cheshire
JIMCO Software
http://www.jimcosoftware.com
http://www.jimcoaddins.com

The premiere add-in and software source
for Microsoft FrontPage.

 

[JIMCO Software]

FWIW here is the official documentation [1]

<%= Clinton Gallagher
METROmilwaukee (sm) "A Regional Information Service"
NET csgallagher AT metromilwaukee.com
URL http://metromilwaukee.com/
URL http://clintongallagher.metromilwaukee.com/

[1]
http://support.microsoft.com/defaul...port/kb/articles/q317/0/12.asp&NoWebContent=1

This article says that you CAN give ASPNET Write permissions. That's
certainly true, but it's a bad idea unless you have no other option (and you
always do.)

I will have this article changed.

--
Jim Cheshire
JIMCO Software
http://www.jimcosoftware.com

FrontPage add-ins for FrontPage 2000 - 2003