
Why set the app pool identity to Network Service for an ASP.NET web application?

I've seen a web application running in a Classic App Pool with the Network Service identity. What is the reason behind this? What issues would we face if we used Local System/Local Service or another identity?

Please share your knowledge if anyone knows.

IIS 4.x/5.x used to use Local System/Local Service as the default identity for IIS processes, which became a system-wide risk, as web servers like IIS can be hacked. Once hacked, malicious code would be executed under those powerful accounts to hack the whole Windows machine, and possibly other resources in the same domain.

Thus, when Microsoft designed IIS 6, they switched to Network Service, which has significantly fewer permissions than the old options. Further on, in IIS 7 and above, Microsoft introduced Application Pool Identity accounts to reduce permissions further. That's what @mason commented as "the principle of least privilege".

However, the whole IIS security story does not end here. Concepts such as DMZ and so on would bring more security to your web environment, which you should spend some time learning via specific materials (IIS security books and so on), not simply via a web forum.
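An added example, not part of the original answer: a PowerShell function that rates application pools by the identity they run under, so that pools using a powerful or shared account stand out during a review. The function name, the `Name`/`IdentityType` property names and the sample pools are assumptions made for this example; the commented lines show how to feed it from a live server with the `WebAdministration` module.

```powershell
# Added example: rate IIS application pools by the account they run as.
# Input objects need Name and IdentityType properties (names chosen for this example).
function Get-AppPoolIdentityRisk {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Pool
    )
    process {
        # The cases are the identityType values IIS accepts for processModel.
        $risk, $reason = switch ([string]$Pool.IdentityType) {
            'LocalSystem'             { 'High';   'Full control of the machine if the site is compromised' }
            'LocalService'            { 'Medium'; 'Built-in account shared with other services on the host' }
            'NetworkService'          { 'Medium'; 'Built-in account shared with other services on the host' }
            'ApplicationPoolIdentity' { 'Low';    'Virtual account unique to this pool (IIS AppPool\<name>)' }
            'SpecificUser'            { 'Review'; 'Depends on the rights granted to the configured account' }
            default                   { 'Review'; 'Unrecognised identity type' }
        }
        [pscustomobject]@{
            Name         = $Pool.Name
            IdentityType = $Pool.IdentityType
            Risk         = $risk
            Reason       = $reason
        }
    }
}

# Constructed sample data, so the function can be tried without IIS installed.
$samplePools = @(
    [pscustomobject]@{ Name = 'LegacyIntranet'; IdentityType = 'LocalSystem' }
    [pscustomobject]@{ Name = 'ClassicApp';     IdentityType = 'NetworkService' }
    [pscustomobject]@{ Name = 'Shop';           IdentityType = 'ApplicationPoolIdentity' }
    [pscustomobject]@{ Name = 'Reports';        IdentityType = 'SpecificUser' }
)

$samplePools | Get-AppPoolIdentityRisk | Format-Table -AutoSize

# On an IIS server, read the real pools instead of the sample data:
# Import-Module WebAdministration
# Get-ChildItem IIS:\AppPools | ForEach-Object {
#     [pscustomobject]@{ Name = $_.Name; IdentityType = $_.processModel.identityType }
# } | Get-AppPoolIdentityRisk | Format-Table -AutoSize
#
# Moving a pool to its own least-privileged virtual account:
# Set-ItemProperty 'IIS:\AppPools\<name>' -Name processModel.identityType -Value ApplicationPoolIdentity
```

After changing a pool's identity, grant file system and database permissions to that pool's own account rather than to a shared built-in account.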
