How to Create a Service Account for Your WCF Service
- J.D. Meier, Carlos Farre, Jason Taylor,
Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher
Running WCF Service with a specific identity, such as a service account, helps to isolate your service. It allows you to restrict service resources to your application's account, and allows you to use Windows auditing to track the activity of the application
separately from other applications or services.
The following steps show you how to create a service account to run your WCF service.
aspnet_regiis.exe -ga machineName\userName
- Create a Windows account
- Run the following aspnet_regiis.exe command to assign the relevant ASP.NET permissions to the account:
This step is required when your application needs to run in ASP.NET compatibility mode, otherwise you can skip this step.
- Use the Local Security Policy tool to grant the Windows account the Deny logon locally user right. This reduces the privileges of the account and prevents anyone logging onto Windows locally with this account.