Improving Web Application Security: Threats and - CGISecurity
Chapter 19: Securing Your ASP.NET Application and Web Services   557

Use a Least Privileged Custom Account

If you must use an alternate identity to run the ASP.NET worker process, make sure the account that you use is configured as a least privileged account. This limits the damage that can be done by an attacker who manages to execute code in the process security context.

You might decide to use an alternate account because you need to connect to a remote Microsoft SQL Server database or network resource using Windows authentication. Note that you can use the local ASPNET account for this purpose. For more information, see "Data Access" later in this chapter.

For more information about the NTFS permissions that the ASP.NET process account requires, see "NTFS Permission Requirements" later in this chapter.

You should also grant the following user rights to the ASP.NET process account:
● Access this computer from the network.
● Log on as a batch job.
● Log on as a service.
● Deny log on locally.
● Deny log on through Terminal Services.

Encrypt Credentials

If you need to use a custom account, do not store plaintext credentials in Machine.config. Use the Aspnet_setreg.exe utility to store encrypted credentials in the registry. To encrypt credentials for <processModel>:

1. Run the following command from the command prompt:

   aspnet_setreg -k:Software\YourApp\process -u:CustomAccount -p:StrongPassword

   This stores the encrypted credentials in the specified registry key and secures the registry key with a restricted ACL that grants Full Control to System, Administrators, and Creator Owner.

2. Reconfigure the <processModel> element and add userName and password attributes that reference the encrypted values in the registry instead of the plaintext account name and password.

For more information, see Microsoft Knowledge Base article 329290, "How To: Use the ASP.NET Utility to Encrypt Credentials and Session State Connection Strings."
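The user-rights list above is usually applied by hand in the Local Security Policy console. The following script is an added example, not code from the book or from Microsoft: it applies exactly those five rights to a custom process account with a secedit template. The account name CONTOSO\AspNetSvc and the working directory under %TEMP% are assumptions. The script exports the current assignments first because a secedit template replaces the whole holder list for each right it names; writing only the new account into the template would strip Administrators, Users and the other current holders of "Access this computer from the network" and lock people out.

```powershell
# Added example (not from the book): grant/deny the five user rights listed in
# the chapter to a custom ASP.NET process account, preserving existing holders.
# Assumed account name; run from an elevated PowerShell prompt on the web server.
$Account = 'CONTOSO\AspNetSvc'

# Privilege constants that correspond to the rights named in the text.
$Grant = 'SeNetworkLogonRight',              # Access this computer from the network
         'SeBatchLogonRight',                # Log on as a batch job
         'SeServiceLogonRight',              # Log on as a service
         'SeDenyInteractiveLogonRight',      # Deny log on locally
         'SeDenyRemoteInteractiveLogonRight' # Deny log on through Terminal Services

$Work    = Join-Path $env:TEMP 'aspnet-rights'   # assumed scratch location
New-Item -ItemType Directory -Force -Path $Work | Out-Null
$Current = Join-Path $Work 'current.inf'
$New     = Join-Path $Work 'aspnet.inf'
$Db      = Join-Path $Work 'aspnet.sdb'

# Export the current user-rights policy. secedit /configure replaces the entire
# holder list for every right present in the template, so the current holders
# must be carried over or they silently lose the right.
secedit /export /cfg $Current /areas USER_RIGHTS | Out-Null

$Rights = @{}
foreach ($line in Get-Content -Path $Current) {
    # Lines look like: SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,...
    if ($line -match '^(Se\w+)\s*=\s*(.*)$') {
        $Rights[$matches[1]] = @($matches[2] -split ',' | Where-Object { $_ })
    }
}

foreach ($r in $Grant) {
    if (-not $Rights.ContainsKey($r)) { $Rights[$r] = @() }
    if ($Rights[$r] -notcontains $Account) { $Rights[$r] += $Account }
}

# Build a minimal security template containing only the five rights.
$Inf = @('[Unicode]', 'Unicode=yes',
         '[Version]', 'signature="$CHICAGO$"', 'Revision=1',
         '[Privilege Rights]')
foreach ($r in $Grant) {
    $Inf += ('{0} = {1}' -f $r, ($Rights[$r] -join ','))
}
$Inf | Set-Content -Path $New -Encoding Unicode

# Apply only the USER_RIGHTS area so nothing else in local policy is touched.
secedit /configure /db $Db /cfg $New /areas USER_RIGHTS

# Show what was applied; re-run "secedit /export" afterwards to confirm.
Get-Content -Path $New
```

Because the deny rights take precedence over the corresponding allow rights, the resulting account can be used by the worker process and can authenticate to a remote SQL Server over the network, but cannot be used to log on at the console or over Remote Desktop even if an attacker learns its password.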
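The two-step procedure above ends with the <processModel> attributes, which this page does not show. The script below is an added example, not from the book or from Microsoft: it runs Aspnet_setreg.exe as described, then checks the ACL on the key the tool created against the three principals the text says should hold Full Control, and finally prints the <processModel> attributes in the registry: syntax documented in KB 329290. The key name Software\YourApp\process is the one from the text; the account name CONTOSO\AspNetSvc is assumed.

```powershell
# Added example (not from the book): encrypt the worker-process identity with
# aspnet_setreg.exe, verify the ACL it set, and emit the matching attributes.
# Assumptions: aspnet_setreg.exe is on PATH; account and key names are illustrative.
$Key     = 'Software\YourApp\process'     # key name used in the chapter
$Account = 'CONTOSO\AspNetSvc'            # assumed custom process account

# Prompt rather than hard-code the password. aspnet_setreg only accepts it as a
# command-line argument, so it is briefly visible in the process list on this host.
$Secure = Read-Host -AsSecureString -Prompt "Password for $Account"
$Bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
$Plain  = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($Bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($Bstr)

# Step 1: store the encrypted credentials. The tool creates the subkey
# HKLM\<Key>\ASPNET_SETREG holding the values userName and password.
& aspnet_setreg.exe "-k:$Key" "-u:$Account" "-p:$Plain"
$Plain = $null
if ($LASTEXITCODE -ne 0) { throw "aspnet_setreg failed with exit code $LASTEXITCODE" }

# Check: only System, Administrators and Creator Owner should appear in the ACL.
$RegPath = "HKLM:\$Key\ASPNET_SETREG"
$Allowed = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER')
$Acl     = Get-Acl -Path $RegPath
$Extra   = $Acl.Access | Where-Object { $Allowed -notcontains $_.IdentityReference.Value }
if ($Extra) {
    Write-Warning ("Unexpected ACEs on {0}:`n{1}" -f $RegPath, ($Extra | Format-Table -AutoSize | Out-String))
} else {
    "ACL on $RegPath is restricted to System, Administrators and Creator Owner."
}

# Step 2: attributes to put on <processModel> in Machine.config. The
# "registry:<key>,<value>" form is the syntax from KB 329290.
@"
<processModel enable="true"
    userName="registry:HKLM\$Key\ASPNET_SETREG,userName"
    password="registry:HKLM\$Key\ASPNET_SETREG,password" />
"@
```

If the ACL check reports extra entries (for example inherited Read access for Users), remove them before pointing Machine.config at the key; the protection of the encrypted values is only as good as the ACL that stops other local accounts from reading them.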
