IIS ASP - Security difference between replacing IUSR_XXX account and no anonymous

This is Interesting: Free IT Magazines  
Home > Archive > IIS ASP > July 2005 > Security difference between replacing IUSR_XXX account and no anonymous





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Security difference between replacing IUSR_XXX account and no anonymous
Glen Scott

2005-07-22, 8:47 pm

Hi, I'm writing an ASP app that administers an ISA server remotely.
The fact that it's an ISA server isn't my problem I believe.

My question? What is the security difference between disabling
anonymous access and using account X from the web client, versus
allowing anonymous access but using account X as the account that runs
the application?

When I configure my web application to allow anonymous access, but
set the anonymous process to use account X, my ASP code works (the ASP
code can administer my ISA Server). When I disable anonymous access, and
I log into the web application using the same account X I mention above,
I get an error 80070005 when my ASP code tries to connect to my ISA
server to administer it.

I would think the above two options would be equivalent, but they're
not.

What is the difference?

Thanks,
Glen Scott
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com