Archives
-
Under what context does my code run on IIS?
Following up on my last two blogs, we continue to notice that folks have difficulty properly configuring IIS in a secure manner, because they tend to over-open the security of their system, giving privileges to both the "request identity" and the "process identity" that are above what are required for secure and reliable applications.
-
Who is my IIS application process identity?
Over the versions of IIS, we have changed our process model in some ways with each release. Each of those changes required administrators to change the way they set up permissions for "code" to run properly on IIS. It also requires application developers to be aware of these changes.
-
Who is the anonymous user?!
Many questions that we get on the forum's are around which users need which permissions for what resources ... isn't that how life goes? :)