“ASPNET” vs. “NETWORK SERVICE”
by
Well, this just wasted the better part of 2 hours. I’m trying to lock down an ASP.NET app that i’m writing to “least privalege”. I’ve got the ASPNET and IUSR_ permissions set to “read”, “execute” and “list”. I kept getting “Server cannot access application directory ‘c:inetpubblahblahblahblah’. The directory does not exist or is not accessible because of security settings.”
And i just keep beating my head against this error message for like hours. If I enable “everyone” then everything’s great. Take it away and error. Then I started getting a little tickle in the back of my head suggesting giving rights to “NETWORK SERVICE”. I do that and everything’s golden.
The moral of the story is “ASPX runs as ‘NETWORK SERVICE’ on Windows 2003.”
As I used to say back in back in 3rd grade….“durt durt durrrrrrrrr.“
-Ben
I did clear some of the problem from your article in your blog. Now, I knew that ASPNET is a local machine account. I was having the same sought of problem, but the environmnet is quite differnet. I developed my application in Windows XP Pro and then deployed in an Windows 2000 Server machine which acts as a Back up Domain Controller. However initially it worked well…but when I tried to deploy more app using XCOPY..things did not go as I intended. To make it worse the previous apps gets this error: “Server cannot access application directory ‘c:inetpubblahblahblahblah’. The directory does not exist or is not accessible because of security settings.”