Iron Speed best practices recommend this approach for the production environment.
If Allow Anonymous Access is selected, then one of the following users can be specified:
IUSR_<MachineName>: This is the default user created when Microsoft Internet Information Server (IIS) is installed. If Allow Anonymous Access is selected, this user is the most likely default displayed by IIS.
ASPNET: This is the default ASPNET user created when Microsoft .NET Framework is installed.
Specific User: Any valid user name and password combination can be specified.
The choice of which user is selected, and the resources they have access to, is critical in making sure your application runs properly and data is displayed in your application. The following resources are accessed by the application and the selected user must have access to them:
1. Application Folder: The selected user must have read and execute privileges on the Application Folder (e.g., C:\MyApp). The permissions for all files and sub-folders in the Application Folder must be set to “inherit permissions”.
2. Microsoft .NET Framework Temporary Folder: The selected user must have read, write and execute privileges on the Microsoft .NET Framework Temporary files folder (e.g., C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files). The permissions for all files and sub-folders in the temporary folder must be set to “inherit permissions”.
1. Microsoft Access Database File and Folder: If you are using Microsoft Access, the selected user must have read, write and execute privileges to both the file and the folder containing the Microsoft Access database. Note that if your database is located in your application folder, then the selected user must have read, write and execute privileges to the application folder. The permissions for all files and sub-folders in the database folder must be set to “inherit permissions”.
2. Microsoft SQL Server using Windows Authentication, Database on Same Server: If you are using Microsoft SQL Server database using Windows Authentication, then the select user must have access to Microsoft SQL Server. If the Virtual Directory is configured to use the IUSR_<MachineName> or ASPNET account, make sure that this user has access to Microsoft SQL Server.
3. Microsoft SQL Server using Windows Authentication, Database on Different Server: The selected user must have access to Microsoft SQL Server. This scenario will only work if the Virtual Directory is configured to use a Domain Account. If the Virtual Directory is configured to use the IUSR_<MachineName> or ASPNET accounts, this scenario will not work since these accounts are local to the application server machine, and most likely do not have access to the database server machine. To fix this problem, either:
Set Microsoft SQL Server to use SQL Server Authentication; or
Configure the Virtual Directory to use a Domain Account.
4. Microsoft SQL Server using SQL Server Authentication: If you are using Microsoft SQL Server with SQL Server Authentication, then the SQL Server user must have access to the database to read, write and update data in the database. If you are continuing to see problems when using this scenario, check to make sure:
The SQL Server user has access to the database in read, write and update mode; or
The SQL Server user’s password is correct.
The Microsoft SQL Server could be located on the same server or on a different server in this scenario, and either scenario should work as long as the SQL Server user name has appropriate permissions and the password is correct.
Iron Speed best practice recommends this approach for production systems.
5. Oracle: If you are using an Oracle database, then the Oracle user must have access to the database to read, write and update data in the database. If you are continuing to see problems when using this scenario, check to make sure:
The Oracle user has access to the database in read, write and update mode.
The Oracle user’s password is correct.
The Oracle database could be located on the same server or on a different server in this scenario, and either scenario should work as long as the Oracle user name has appropriate permissions and the password is correct.
Iron Speed best practice recommends this approach for production systems when using Oracle.
No Anonymous Access (Recommended for Development Environment)
Allow Anonymous Access (Recommended for Production Environment)