All geek questions in one place

IIS 7.5 using impersonation even if it is disabled

I am using IIS 7.5 with the auth window enabled for the default website. I set it to run as the IIS AppPoool identifier and gave permisson for my web folder for the IIS application pool identifier. but when users log into my site and provide network credentials, they pretend that the user is accessing my web folder instead of using the application pool identifier, and the user is getting error 401. I also checked this through procmon.

i also ran appcmd set config /commit:WEBROOT /section:identity /impersonate:false

to make sure the impersonation is disabled. I have to add id computername \ users to the web application folder with read / execute permission to make it work. What am I missing here?

+4
source share
1 answer

I do not know how to do this using the command line, but here are the steps through the graphical interface.

  • Open IIS Manager
  • Expand server
  • Expand Sites
  • Go to your application and select it
  • Click "Basic Settings ..." in the actions on the right.
  • Click "Connect as ..."

In this window you can change the user.

Note that there are two forms of impersonation that cause confusion. Initiating an application pool causes the application to start in the context of the user. Connect as forces the application pool to use the user to access the resource on disk, otherwise it does not actually run in the context of the user.

Also note that if you use anonymous authentication, the “Authenticated User” in the “Connect As” field is the anonymous user defined in “Authentication”.

0
source

Source: https://habr.com/ru/post/1389325/

More articles:


All Articles