In IIS Manager, in Authentication - Anonymous Authentication I have Anonymous user identity set as IUSR.
Now if If put this into web.config:
<identity impersonate="true"/>
then System.Security.Principal.WindowsIdentity.GetCurrent().Name returns NT AUTHORITY\IUSR.
but if I remove
<identity impersonate="true"/>
how can I impersonate the IUSR from code? I tried to use SimpleImpersonation to do it but then I need the password of IUSR. I found a way to get it using obsolete adsutil.vbs but I don't have it on Windows 8.1 / IIS 8.5.
This question is theoretical, I don't have a need for impersonating IUSR but I find the fact that IIS does it interesting.
IUSR is built-in now and does not have a password (more info).
IIS as a service has rights to obtain IUSR impersonation token -- check example on LogonUser.
There is IIS API that provides token handle, which ASP.NET runtime uses.
I believe this may be relevant code from reference sources.
As for actual question, I don't know how anyone can legally impersonate IUSR, sorry.