Comments on: Windows CardSpace: FAQ for ASP.NET Developers http://ankitjain.info/ankit/2007/06/19/windows-infocard-faq-developers (ये मेरी लाईफ है) » It's all about Ankit ń Code ! « Fri, 25 Jul 2008 07:48:24 +0000 http://wordpress.org/?v=2.0.3 by: barryd http://ankitjain.info/ankit/2007/06/19/windows-infocard-faq-developers#comment-31108 Sun, 01 Jul 2007 15:19:37 +0000 http://ankitjain.info/ankit/2007/06/19/windows-infocard-faq-developers#comment-31108 On point 4; no. Never ever do this. ASP.NET is not run as LocalSystem for very good reasons, it's as high in the security context as you can get, and should IIS be compromised your entire machine is then wide open. Instead run your process as normal (Network Service or a custom account) and grant read access to the SSL certificate instead. I've put together the steps you need to take on my blog this afternoon; http://idunno.org/archive/2007/07/01/giving-your-web-site-process-access-to-your-ssl-certificate.aspx On point 4; no. Never ever do this. ASP.NET is not run as LocalSystem for very good reasons, it’s as high in the security context as you can get, and should IIS be compromised your entire machine is then wide open.

Instead run your process as normal (Network Service or a custom account) and grant read access to the SSL certificate instead.

I’ve put together the steps you need to take on my blog this afternoon; http://idunno.org/archive/2007/07/01/giving-your-web-site-process-access-to-your-ssl-certificate.aspx

]]>