why was asp.net account added to users?

[bobw]

I registered with .NET this morning and noticed after I did that there was a new account in local users called asp.net. I have a few questions/concerns about that.

Why does .net need a local user's account, is it common knowledge that this account is added, is this normal procedure and isn't this a potential privacy issue?

Bob W

 

[Dimandja]

The aspnet_wp or ASP.NET Machine Account is created when the Microsoft .Net Framework 1.1 is installed onto a Windows XP computer. The user is created to run the asp.net worker process used in Microsoft's Internet Information Services, which allows ASP.net to run on your local web server (This is pretty much its only use, it is not used to run normal .net managed executables). There is not a need to worry about this user's presence; it was not created in malicious way."

http://www.mvps.org/marksxp/WindowsXP/aspdot.php

__________________________________________
Try forum1391 for lively discussions

 

[bobw]

thanks, it's good to know.
Bob W

 

[link9]

Not only is it "not created in a malicious way", but it's actually a very good thing that you have it.

In the "old days", ASP scripts ran as your default anonymous user, which was the same user that any other web request ran as.

Now that .NET can (it's all off by default) wield much more power over your server, they've sandboxed him into a restricted user account that you have to explicitly give permissions to do various tasks (create files, delete files, modify registry, etc... -- again, all off by default).

You can even make ASP.NET requests impersonate any user you wish. This is especially useful in a load balanced environment so that you can have a domain user that all asp.net requests run under... a great way to centralize the management of your security model.

Anyway, just FYI.

-paul

The answer to getting answered -- faq855-2992