Wednesday, May 08, 2013

Journey to robust web services: installing a WCF 4.0 application on IIS 6.0

Due to budget and other constraints, I'm unable to get my hands on the latest and greatest software for running a WCF application I've been working on, so I'm forced to use what my company's got: Windows Server 2003 and IIS 6.0. Suffice it to say that working with these old bits of software are less than ideal. However, I'm stuck with it. So, moving forward, here's some of the things I found while working on the application:

  1. There's no easy way to set certain items in the registry for the Network Service user. (Sorry, for various reasons, I can't elaborate on that statement.)
  2. Due to (1), I've decided to run my application as a custom normal (non-Administrator) user that I've created. However in order to use this user with IIS and its applications, certain steps must be taken.

Using a custom user to run an IIS 6.0 application

The following are pre-requisites in order to be able to use a custom user to run an IIS 6.0 application:
  • The user must have already been created and should have absolutely the least number of privileges possible.
  • Thanks to this question on Stack Overflow, the following must also have the following:
    • The "Log on as a service" right (Start -> Control Panel -> Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment -> Log on as a service)
    • "Access this computer from the network" (similar location as in the step above)
    • "Deny logon locally"
    • "Log on as a batch job"
    •  "Read & Execute", "List Folder Contents" and "Read" access to the file system that underpins the web site/application
  • Thanks to this troubleshooting article on MSDN, I also found out that the user must be part of the "IIS_WPG" group.
I now have other problems to worry about with this application, but at least now I know that they're not related to how I'm running the application in IIS.

No comments: