stackoom
  简体   繁体   中英

What account should I use for ASP.NET?

 原文  2009-10-19 11:09:22       asp.net/ security

Question

By default ASP.NET uses the network service account, is this the account I should be using with ASP.NET in production? What are the best practices related to the account used by ASP.NET?

Regards

Edit: If this makes any difference, I'll be using ASP.NET on a Windows 2008 server

5 answers

solution1
 4 ACCPTED  2009-10-19 11:15:01

For production, you should create a service account that has only the bare minimum permissions in order to run the web application.

The Microsoft Patterns and Practices team provides the following guidance on this:

How To: Create a Service Account for an ASP.NET 2.0 Application

solution2
 3  2009-10-19 11:18:29

You're gonna get lots of "it depends" answers but here's my 2 cents anyway.

Consider password change management, potential damage through compromise, as well as application needs eg trusted connectivity.

In most scenarios Network Service comes out best in these dimensions.

  1. it doesn't have a password, and never expires - no change management required
  2. it cannot be used as interactive login on other machines
  3. it can be used in trusted connections and ACL'd access to other hosts via the credential <domain>\\<machinename>$

Of course your app may have different needs - but typically we use Network Service wherever possible - we run 10,000's of machines.

solution3
 1  2009-10-19 11:16:57

Unless you have some other need -- like a requirement to use integrated authentication to SQL Server for a database connection -- I would stick with the default account. It has fewer privileges than many other accounts, yet is enabled with the necessary privileges to run web applications. Caveat here: we typically don't make any privilege changes for the network service account and usually fire up a VM per production application (or set of related applications) rather than configuring multiple applications per server. If you are running multiple applications per server or make changes to the network service account's privileges for other reasons, you may want to consider using a separate service account for each application. If you do, make sure that this service account has the fewest privileges necessary to run ASP.NET applications and perform any additional tasks required.

solution4
 0  2009-10-19 11:15:19

您应该使用特权级别较低的帐户

solution5
 0  2009-10-19 11:15:48

1) Create a specific user account for each application

2) Create an Application Pool that runs under this account

3) The Website should be configured to run under this Application Pool.

4) In SQL Server, use Windows Authentication and give DB permissions to this User.

5) Use this User in a connection string (ie no passwords in connection string)

6) Use this User to assign permissions to other resources as required.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question should I use impersonation in asp.net? What control should I use for showing “Featured Products” on my ASP.net Website? What should I use to serialize a DataTable to JSON in ASP.NET 2.0? What database hostname should I use for ASP.NET apps with docker-compose? What decryption should i use between my Android app and ASP.NET Webservice? What asp.net portal software should I use for my personal site? How to generate and download .imp file in asp.net and what MIME type should I use? What parts of asp.net, c# and database should I use to create a forum like stackoverflow? What should I use to have users log into my ASP.net application? What should I use for graphs in an ASP.NET 2.0 web application?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM