IIS Server Security - Security issue (ASP.NET-IIS)

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > May 2004 > Security issue (ASP.NET-IIS)





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Security issue (ASP.NET-IIS)
Reza Alirezaei

2004-05-30, 11:52 am

Is it possible to define an account in <Identity> in web.config which
dosen't exist in

domain???

The following line is in somebody's ASP.Net application:
I was viewing somebody's application I found the following line in his
web.config
<identity impersonate="true" userName="DOMAIN_NAME\ASP_NET_TESTER"
password="TEST"/>

but problem is that I didn't find user ASP_NET_TESTER on the domain and
application is working fine.
By the way ,,he has enabeld annonymous access to his web application using a
completely diferent account called "IUSR_DEV"


thanks for your help.




Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com