IIS 7.5 using impersonation even when disabled

4
votes

i am using IIS 7.5 with windows auth enabled for a default web site. i have set it to run as IIS AppPoool Identity and given permisson to my web folder to the IIS app pool identity. but when a users logins to my site and provides network credentials its impersonating as the user to get access to my web folder instead of using app pool identity and the user is getting 401 error. i verified this through procmon as well.

i also ran appcmd set config /commit:WEBROOT /section:identity /impersonate:false

to make sure impersonation is disabled. i have to add the computername\users id to the web app folder with read/execute permission to get it to work. what am i missing here?

1
c#asp.netiis-7windows-server-2008iis-7.5
Is you're application running in Integrated or Classic pipeline mode? - Matthew Abbott
Is impersonation enabled in your web.config? - tardomatic

1 Answers

0
votes

I don't know how to do this via command line, but here are the steps via the GUI.

  • Open IIS Manager
  • Expand your server
  • Expand sites
  • Browse to your application and select it
  • Click "Basic Settings..." in Actions on the right
  • Click Connect as...

This window allows you to change the user.

Note that there are two forms of impersonation, which is what is causing you confusion. Application pool impersonation causes the application to run in the context of the user. Connect as causes the application pool to use the user to access the resource on disk, without actually running in the context of the user otherwise.

Also note that if you are using Anonymous authentication the "Authenticated user" in the Connect as box is the anonymous user defined in Authentication.