In IIS Manager, in Authentication
- Anonymous Authentication
I have Anonymous user identity
set as IUSR
.
Now if If put this into web.config:
<identity impersonate="true"/>
then System.Security.Principal.WindowsIdentity.GetCurrent().Name
returns NT AUTHORITY\IUSR
.
but if I remove
<identity impersonate="true"/>
how can I impersonate the IUSR
from code? I tried to use SimpleImpersonation
to do it but then I need the password of IUSR
. I found a way to get it using obsolete adsutil.vbs
but I don't have it on Windows 8.1 / IIS 8.5.
This question is theoretical, I don't have a need for impersonating IUSR
but I find the fact that IIS does it interesting.
IUSR is built-in now and does not have a password (more info).
IIS as a service has rights to obtain IUSR impersonation token -- check example on LogonUser.
There is IIS API that provides token handle, which ASP.NET runtime uses.
I believe this may be relevant code from reference sources.
As for actual question, I don't know how anyone can legally impersonate IUSR, sorry.