Sunday, October 4, 2009

Problems with SQL Server Express user instancing and Web Application Projects

Some critical info to know for Windows web developers.
Microsoft recommends that the workarounds described in this article only be used to unblock affected development scenarios. When deploying applications into production on any version of IIS, SQL Server Express user instances should not be used.

The configuration of application pools on IIS 7.5 production web servers should use either the new application pool identity, or custom created user accounts. Application pools on IIS 7.5 production web servers should no longer run as NETWORK SERVICE.

The workaround described for working with WAP projects and websites located in a user's Documents folder should be used as a temporary workaround only. From a security standpoint it is not desirable for NETWORK SERVICE to have read access to all of the sub-folders within the Visual Studio Projects folder. The recommendation is to move IIS-hosted WAP projects and websites to a different file location that is normally accessible to an IIS service account (e.g. under c:\inetpub\wwwroot).

No comments: