|
Home > Archive > IIS ASP > May 2004 > Security Issue ASP.NET-IIS
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Security Issue ASP.NET-IIS
|
|
| Reza Alirezaei 2004-05-30, 11:53 am |
| Is it possible to define an account in <Identity> in web.config which
dosen't exist in
domain???
The following line is in somebody's ASP.Net application:
I was viewing somebody's application I found the following line in his
web.config
<identity impersonate="true" userName="DOMAIN_NAME\ASP_NET_TESTER"
password="TEST"/>
but problem is that I didn't find user ASP_NET_TESTER on the domain and
application is working fine.
By the way ,,he has enabeld annonymous access to his web application using a
completely diferent account called "IUSR_DEV"
thanks for your help.
| |
| Aaron Bertrand - MVP 2004-05-30, 11:53 am |
| http://www.aspfaq.com/5002
--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
"Reza Alirezaei" <anonymous@discussions.microsoft.com> wrote in message
news:OZxb6E1QEHA.3596@tk2msftngp13.phx.gbl...
> Is it possible to define an account in <Identity> in web.config which
> dosen't exist in
>
> domain???
>
> The following line is in somebody's ASP.Net application:
> I was viewing somebody's application I found the following line in his
> web.config
> <identity impersonate="true" userName="DOMAIN_NAME\ASP_NET_TESTER"
> password="TEST"/>
>
> but problem is that I didn't find user ASP_NET_TESTER on the domain and
> application is working fine.
> By the way ,,he has enabeld annonymous access to his web application using
a
> completely diferent account called "IUSR_DEV"
>
>
> thanks for your help.
>
>
>
>
>
|
|
|
|
|