I'm getting access denied errors when trying to create directories, move files, etc. So I added (in web.config) an impersonated user that has the right privileges to execute those functions.
So, in my web.config I have the current code:
<configuration>
  <location path="." inheritInChildApplications="false">
    <system.webServer>
      <handlers>...</handlers>
      <aspNetCore .../>
    </system.webServer>
  </location>
  <system.web>
    <identity impersonate="true" password="password123" userName="DOMAIN\user123" />
  </system.web>
</configuration>
And in my IIS, the DefaultAppPool pool has the Identity property set to ApplicationPoolIdentity.
[Screenshot: IIS pool configuration identity]
And now I use WindowsIdentity.RunImpersonated() to run the code that creates the folders, etc., that I talked about earlier, with the purpose of using the configured user (DOMAIN\user123), and not the current User.Identity that is logged in, like DOMAIN\anyOtherCurrentUser:
WindowsIdentity.RunImpersonated(WindowsIdentity.GetCurrent().AccessToken, () => {
// create directory, move files, etc
});
The problem is that when I run this code, calling WindowsIdentity.GetCurrent(), the user that I'm getting is the one set in the IIS configuration, IIS APPPOOL\DefaultAppPool, and not the user configured in web.config, DOMAIN\user123. Why does this happen? How should I use the user configured in web.config?
You simply cannot.
Anything under <system.web> applies only to ASP.NET 4.x or older, and ASP.NET Core does not honor such settings.
Even for ASP.NET 4.x you should grant all permissions based on the application pool identity, not relying on impersonation for your own good.
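
The approach recommended in the answer, as an added PowerShell example that is not part of the original question or answer: it reports any `<identity>` element left under `<system.web>` (unused by ASP.NET Core, so a stored password there is only an exposed credential) and grants the application pool identity rights on the directory the application writes to. The directory path, the default web.config location and the choice of the `Modify` right are assumptions; the pool name is the one from the question.

```powershell
param(
    [string]$WebConfig = '.\web.config',        # assumed location of the site's web.config
    [string]$TargetDir = 'D:\AppData\uploads',  # hypothetical directory the app must write to
    [string]$AppPool   = 'DefaultAppPool'       # pool name taken from the question
)

# List <identity> elements under <system.web>. ASP.NET Core does not read them,
# so a userName/password pair found here does nothing except sit in clear text.
function Get-IgnoredIdentity([string]$Path) {
    [xml]$doc = Get-Content -LiteralPath $Path -Raw
    $doc.SelectNodes('//system.web/identity') | ForEach-Object {
        [pscustomobject]@{
            UserName    = $_.GetAttribute('userName')
            Impersonate = $_.GetAttribute('impersonate')
            HasPassword = [bool]$_.GetAttribute('password')
        }
    }
}

# Grant the pool's virtual account Modify on one directory (inherited by its
# children) instead of impersonating a domain account from configuration.
function Grant-AppPoolModify([string]$Dir, [string]$Pool) {
    $account = "IIS APPPOOL\$Pool"
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
        $account, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
    $acl = Get-Acl -LiteralPath $Dir
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Dir -AclObject $acl
    # Return the entries the pool identity now holds so the change can be reviewed.
    (Get-Acl -LiteralPath $Dir).Access |
        Where-Object { $_.IdentityReference.Value -eq $account }
}

$leftover = @(Get-IgnoredIdentity -Path $WebConfig)
foreach ($id in $leftover) {
    Write-Warning ("<identity> for '{0}' is ignored by ASP.NET Core (password stored: {1}); remove it and rotate the password." -f $id.UserName, $id.HasPassword)
}

Grant-AppPoolModify -Dir $TargetDir -Pool $AppPool |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

Run it from an elevated prompt on the IIS host; with this ACL in place the file operations succeed under `IIS APPPOOL\DefaultAppPool` without a `RunImpersonated` wrapper.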