tags:

views:

25

answers:

2
Q: 

User permissions to create iis7 site

Hello people!

I have a special web site that can create new sites using IIS7 ServerManager:

using (ServerManager serverManager = new ServerManager())
{
     // create new site logic here    
}

This special site has to be running under system account to be able to manage IIS7. Is there any way to create a special windows user to be set as site's application pool identity and give this user special rights only to access IIS7 but not a full system access?

The reason why I want to do this is to give site's process identity as less permissions as possible.

Please let me know if the question is not clear enought :)

A: 

If you create a new account to be the app pool identity you need to use this code to give it the right priviliges then after than add the required rights to create sites:

navigate to:

C:\Windows\Microsoft.NET\Framework\v2.0.50727

then do:

aspnet_regiis -ga DomainOrMachineName\AccountName

See here http://msdn.microsoft.com/en-us/library/ff649309.aspx#paght000009_step2

Richard  2010-10-14 11:29:50
A: 

It really depends on exactly what that application should be able to do, if all you want to do is the ability to create a new site, you can create an account and grant read and write access to %windir%\system32\inetsrv\config\applicationHost.config. Having said that be very careful of doing that, since once they can write to that file they could do powerfull things, for example, add a new Application pool running as System and at that point be able to run their code using an identity as powerfull as it gets.

If you want to allow them to recycle, start & stop, etc, for runtime objects like sites, application pools, app domains, etc, then you will need additional steps, but I would not recommend doing that.

Also, if you are actually setting encrypted properties (such as a password in the Application Pools, or Virtual Directories) then you will also need to grant permissions for the encryption keys, but I would also recommend against that, since that would give them the ability to decrypt the passwords.

CarlosAg  2010-10-14 18:59:44

related questions

Which resolution to target for a Mobile App?
iPhone app that access the Core Location framework over web
Displaying version of underlying software in footer of web app?
How Did You Decide Between WISA and LAMP?
What strategies have you employed to improve web application performance?
What skills do you need for proper UI/Interaction/Functional design in Web Apps?
Storing logged in user details
How do you unit test web apps hosted remotely?
Broken chart images in Crystal Reports in web application
Best Way to Begin Learning Web Application Design
JRuby / Rack deployment
How to affordably release a Web App
Best practices for managing and deploying large javascript apps
Building Standalone Applications in JavaScript
iPhone web applications, templates, frameworks?
How do you stress test a web application?
RSS feeds from Gallery2
Recommendation for straight-forward python frameworks
Graphing JavaScript Library
What to use for login ID?
What's your opinion on using UUIDs as database row identifiers, particularly in web apps?
Implementing an online ordering system for a restaurant/cafe.
Web App Beta
What Hosting Service is best for Django applications?
How to make subdomain user accounts in a webapp