ASP.NET does not function properly when using the default ASPNET account in the domain controller

zhaozj2021-02-16  99

After installing Microsoft Visual Studio .NET or Microsoft .NET framework on a domain controller or backup domain controller, if you try to run

ASP.NET app, the browser will display the following error message:

Server Application UNAVAILABLE

The Web Application You Are Attempting to Access On this Web Server IS Currently Unavailable.

Please hit the "refresh" Button in Your Web Browser to Retry Your Request.

In addition, the following events are logged in the system application event log:

ASPNET_WP.EXE COULD NOT BE LAUNCHED BECAUSE THE UserName and / or Password Supplied in The

ProcessModel Section of The Config File Are Invalid.

ASPNET_WP.EXE COULD NOT BE Started.

HRESULT for the failure: 80004005

This issue involves Internet Information Services (IIS) version 5.0 or higher.

the reason

By default, in order to provide a safer environment, ASP.NET runs its aid with a weak account (named a local computer account named ASPNET).

process. All user accounts on the domain controller or backup domain controller are domain accounts, not a local computer account. Therefore, ASPNET_WP.EXE

Since the local account named "localmachinename / aspnet" is not found to start. To provide a valid user account on the domain controller

Household, must be in the Machine.config file

Some specify an explicit account or you must use the System account.

Note: If you try to debug before trying to browse the page (click the Start button), the exact same problem will occur.

solution

To resolve this issue, use one of the following methods:

Create a weak account with correct permissions, then configure the machine.config file

Part of this account is used.

In the Machine.config file

Part, set the UserName property to System.

Configure the Machine.config file

Part of the administrator account.

Note: If the ASP.NET application is allowed to run as a System or administrator account, it will bring serious security issues. If any of the workarounds are used, the code running in the ASPNET_WP.EXE process will be able to access domain controllers and domain settings. The executable starting from the ASPNET_WP.EXE process is run in the same context, which can also access the domain controller. Therefore, Microsoft recommends using the first variation. To use the first workaround solution, perform the following steps:

1. Create a user account called ASPUSER on your computer and add this account to "User Group".

Note: This account can also be used if the password of the ASPNET account created by the .NET framework is changed. You must know the password of this account, because you need to add this password to the back steps.

section.

2. A user privilege "as a batch job login" to the ASPUSER or ASPNET account. Make sure this change is displayed in the Local Security Policy settings.

Note: To grant this account "As a Batch Job Log in", you must authorize this user permission in each of the following security policies (from the Control Panel "/" Administrative Tool ": Domain Controller Security Policy

Domain security policy

Local security strategy

Note: You must restart the server so that these changes take effect.

3. Make sure that the ASPUSER or ASPNET account has access to the starting ASPNET_WP.EXE process and provides all directories and files necessary for the ASP.NET page.

4. Open the Machine.config file. The path of this file is:% systemroot% / Microsoft.Net / Framework / V1.0.3705 / Config.

5. In the Machine.config file

Some, change the username and password properties to the name and password of the account created in step 1. E.g:

UserName = "domainname / aspuser" password = "aspuserpassword"

6.

Preserved

Machine.config

The changes made by the file.

转载请注明原文地址:https://www.9cbs.com/read-11204.html

New Post(0)