IIS 5.0 Isolation Mode and IIS 6.0 ramblings

Recently I've encountered some application permission issues during QA when moved an existing app. from IIS 5.0 Isolation mode to IIS 6.0. Since the entire operation comprised of several layers (web - web service – Business objects - data access layer), there was a need to determine what user account is being used. I found myself writing the following lines which  helped.


Response.Write ("Page Identity: " + Page.User.Identity.Name.ToString ()+ "<br>");
Response.Write ("Principal Windows Identity: " + System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString () + "<br>");
Response.Write ("Page Identity: " + System.Threading.Thread.CurrentPrincipal.Identity.Name.ToString ()+ "<br>");


It's common knowledge that in IIS 6.0, the worker process is w3wp.exe as compared to aspnet_wp in its predecessor. The process runs under the NETWORK SERVICE account. The NETWORK SERVICE account has access to the machine credentials for outbound connections. Following is the output of the Principal Windows Identity statement. A comparative analysis of other identities is explained here.



With IIS 5.0 Isolation mode:
Principal Windows Identity: <MachineName>\ASPNET


Without IIS Isolation mode
Principal Windows Identity: NT AUTHORITY\NETWORK SERVICE


I found the following links to be useful during this information pursuit.



 


 

Share