Permissions for NETWORK SERVICE
Hi,
Whenever I have set up Umbraco I have strictly followed the install guides, hence NETWORK SERVICE is always given "full control" on the appropriate folders and files.
I have recently migrated my site onto a UK web host and I emailed their technical support to ask why "NETWORK SERVICE" wasn't in the list of users under my Permission options. They told me:
"Our systems do not use the Network Service to run asp.net applications. We isolate each site with its own Worker Process user. This is listed in the permissions option in the File Manager, (IIS_WP User)."
So I followed their instructions and gave "full control" to this IIS_WP user instead. I was wondering if this is safe - as I have a limited understanding of permissions on web servers - especially Windows - so I thought it would be best to check if I am making my website vulnerable to attacks or whether it's actually secure.
Any advice would be great, cheers, Garry.
I am not an expert on IIS and Windows Server permissions, but I have experienced the same scenario installing Umbraco on a shared host. They also isolated each site with a worker process of its own. This should not be a security issue as long as the hosting company knows what they are doing. If anything it should be more secure.
By default your ASP.NET application runs under the NETWORK SERVICE user. So that's why you need to set permissions for this particular user. In this case the hosting company chooses to run the application under a different user. So the only thing which you need to do is apply the permissions for the user your hosting company has configured. I don't see any issues here.
Ok thanks guys, much appreciated.