Regarding: http://support.sourcegear.com/viewtopic.php?t=188
For Windows 2003 servers without a domain, what is the minimum security needed for the ASP.NET user? Why do its credentials get saved in plain text?
In my case, it seems that this user must be part of the administrators group. This is a problem for us but more importantly, the "identity switcher" subsequently posts its username and password in a plain text file (web.config) a webfolder, albeit a private folder.
Needless to say this is a bit scary for us. Is there not someother way?
-John
Minimum user privileges and permissions for shadow service
Moderator: SourceGear
-
JohnClarke
- Posts: 4
- Joined: Wed Aug 10, 2005 4:36 pm
In Vault 3.1, shadow folders on Windows 2003 server should run with without additional configuration if the shadow folder is on the local drive. If you use the default Vault Server install, usually Network Service is used for the shadow folder service.
You would use the Identity Switcher to set permissions for a custom account only if the shadow folder is on a different machine. The identity switcher will set the minimum permissions needed. That account does not need to be part of the administrators group, but would need to be a domain account if you are accessing a shadow folder on a different machine.
You would use the Identity Switcher to set permissions for a custom account only if the shadow folder is on a different machine. The identity switcher will set the minimum permissions needed. That account does not need to be part of the administrators group, but would need to be a domain account if you are accessing a shadow folder on a different machine.
Linda Bauer
SourceGear
Technical Support Manager
SourceGear
Technical Support Manager
-
JohnClarke
- Posts: 4
- Joined: Wed Aug 10, 2005 4:36 pm
A marathon, but working now
Well, I've resolved the problem. The server logs and your advice helped.
I don't have time to write all the specifics here, but in a nutshell this is what (I think) the problem was:
1) there were several folders which needed to have permissions configured (and where not mentioned in your documentation)
2) your identitySwitcher forces usernames like: myserver\myusername, but this causes authentication errors. When I changed it to myusername by modifying the config text file, it worked.
3) Getting the logging to work is a bit of a pain (restarting IIS, client logs switch in an xml config file, etc.), but the log content was useful
In general, I like Vault very much. However, I think that this area could be worked on a bit. Even _with_ the instructions, it would take quite a while to configure on a new machine. I would expect that SourceGear would have made this easier.
Best,
-John Clarke
I don't have time to write all the specifics here, but in a nutshell this is what (I think) the problem was:
1) there were several folders which needed to have permissions configured (and where not mentioned in your documentation)
2) your identitySwitcher forces usernames like: myserver\myusername, but this causes authentication errors. When I changed it to myusername by modifying the config text file, it worked.
3) Getting the logging to work is a bit of a pain (restarting IIS, client logs switch in an xml config file, etc.), but the log content was useful
In general, I like Vault very much. However, I think that this area could be worked on a bit. Even _with_ the instructions, it would take quite a while to configure on a new machine. I would expect that SourceGear would have made this easier.
Best,
-John Clarke