ASP.NET Process Identity
ASP.NET uses a special worker process implemented in aspnet_wp.exe. You can enhance the overall security of your portal by carefully choosing an identity (essentially a Windows user account) under which this ASP.NET worker process executes.
If your other security measures fail and an intruding hacker gains control of your site, he or she will probably receive the access privileges of the ASP.NET worker process. You can diminish this risk by reducing the privileges associated with this account to a minimum. Running under the identity of a Local System account or an account from the Administrators group will significantly compromise your overall security. Initial releases of the .NET Framework defaulted this account to ...
Get Building Portals, Intranets, and Corporate Web Sites Using Microsoft Servers now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
