When using Windows Authentication I can't disable impersonation

2
votes

I have the application pool of a web application set to run as a user called WebUser.

I have the following sections in my web.config:

<authentication mode="Windows" />
<authorization>
  <deny users="?" />
</authorization>
<identity impersonate="false" />

I have created a file called a.txt and given only WebUser permissions on it. If I navigate to this file then I get a 401 error. However if I give my own user account access to this file then I can access it.

So it seems that the application is impersonating my identity. How can I make it run as the application pool user instead?

EDIT: Also - if I enable impersonation and make it impersonate WebUser then I still get a 401 error.

Thanks,

Joe

1
asp.netiisimpersonation
Are you running this in IIS or IIS Express? - Erik Funkenbusch
IIS 8.5 on Windows Server 2012 - JoeS
When you say "navigate to this file" what do you mean? Directory browsing? If so, that's not controlled by asp.net. - Erik Funkenbusch
I mean go to TheSite.com/a.txt - JoeS
Ok, but once again, asp.net net doesn't, by default, process txt files - Erik Funkenbusch

1 Answers

1
votes

Ok I solved this by going to the site's advanced settings and changing the Physical Path Credential Logon Type to Interactive. I also had to set Physical Path Credentials to Specific User and enter WebUser's credentials, this stopped it from impersonating the authenticated user when accessing files.

Joe