All tasks performed under Windows require a valid Windows User account.   Similarly, IIS (Internet Information Server) requires a valid user account to handle any requests it may receive.

When DiscountASP.NET sets up a hosting account, we assign each hosting account a unique username.  You can access your website using that valid username (and your password) to transfer files via FTP, for example.

However, which user account is used when a website contains, for example, a web-based upload script that can be accessed by visitors?

The Anonymous ASPNet User

The Anonymous ASPNet User is the Windows User that is used by the .Net Framework to access web pages.  This user account is often called the "Web Anonymous User" or "Internet Guest account".  Anonymous requests are the most common type of requests handled by HTTP (web) servers.  An example is Internet users browsing your web site.  In this mode, the server knows nothing about the user except for some general information such as IP address and browser type.  All tasks performed under Windows require a valid Windows User account, so IIS uses this account when handling these requests.

To ensure maximum security in the DiscountASP.NET hosting environment, each web site account has its own Anonymous IUSR account to avoid cross-site script access.

In general, the IUSR does not require any disk space quota unless a file is created by a web application.  Examples include:

  • A File Upload Script
  • A Web-based File Manager

If your web site uses one of the above mechanisms, you will need to adjust the disk space usage quota for the Anonymous ASPNet User to accommodate for file uploading/management.  We provide a User Quota Manager tool in the control panel to make these disk quota assignments.

Note: Enabling write permission for the anonymous user does not mean that anyone can write to your website.

Allowing the Anonymous User write access does not pose a threat to your site's security.

The Anonymous User is a Windows user which IIS uses to authenticate.   Having write access does not mean that your web site visitor can write to your files, but rather, it allows the web server (application) to write to your files.

Write access is necessary for certain types of applications.  For example, if your ASP or application needs to write to an MS Access database file, the Anonymous user must have write permission to allow the web server to update the database file.