Doug Foster

<identity impersonate="true" /> and local server

I have a site that has an insert statement for an MS Access file, and if I don't have the <identity impersonate="true" /> in the web.config file it runs OK on my local server but not on the production server, but if I add it, it works fine on the production server but I get an error on my local server.  Both machines have read/write/modify for the mdb file for Everyone and IUSR.  

Am I missing something on the settings?  What's not set on my local server that needs to be for the <identity impersonate="true" /> statement?  

Fred Goodwin

Does the Access file reside on the web server?
Are you using Windows Authentication?
Can you give more info on this error?  Can you confirm it is directly related to the mdb file, or could it be an aspx page?  When you set <identity impersonate="true" /> your aspx pages themselves are going to need to have permission set for this impersonated user.

Doug Foster

ASKER

Yes, the Access file is on the web server.  It's just an MDB file in the same directory (or DB subdirectory) of the web site.  I wish I was more knowledgeable about authentication, otherwise I probably wouldn't be so confused here.  On my local server I just set it to read/write/modify in the file properties and gave it to Everyone, which also goes to IUSR.  

The question is, what does the <identity impersonate="true" /> statement do?  With this statement the file is updateable on the production server but not when I run it locally on my server.  When I don't have the statement in, it runs fine on my local server and I can update the MDB file.  
OK, I'm not being clear here.  I have this site working on two servers, my own and a production server.  I can get the insert action working on both servers, but it works on the production server with the <identity impersonate="true"> in the web.config file and on my local machine when I don't have the statement in.  So it shouldn't be a problem with an aspx file.  

I don't understand authentication that well, so it should be a simple setting, or something, that I change on my local server.  Maybe it's because I come in on my local browser and the authentication is different because it's localserver.  
To follow up.  I want to be able to have this run on both servers with the same environment.  I have more control over the local server, so I want to make the change on my machine, with the <identity> statement set as true.  
<identity impersonate="true" /> will assume the identity of the authenticated user connected to IIS (usually replacing the ASPNET user).  Here is some more info on which permissions are set.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetAP05.asp
What type of authentication are you using on IIS?  (it's under the directory security tab of the directory)  Anonymous/Integrated Windows/Basic/Digest?  If you can tell me this I can tell you who should have permissions where based on your impersonation.
I'm using Anonymous authentication.  
If you are using anonymous authentication then IIS will ignore your Windows auth.  If this is on an Active Directory domain, try turning off the Anon auth and just leave Windows auth on.  If it is not on a win domain, try using basic auth.  Basic auth is not very secure as it sends usernames and passwords in plain text, but it will tell us if it is a rights issue.  My first thought was this is the IIS 2 hop issue where you lose credentials on the second hop, but it looks like that is not the problem.
ASKER CERTIFIED SOLUTION
jnhorst

This solution is only available to members.

jnhorst

Also, keep <identity impersonate="true" /> in web.config.

John
I have the Access database on both machines.  I'm trying to have the two machines do the exact same thing.  The only difference is that I'm testing on my own machine so the browser (me, when I'm testing) is on the localserver, so that might be confusing things.  
If you impersonate with anonymous authentication, both your aspx pages and the database will need to have permissions of the anonymous user configured in IIS.  Is this the case?
Arrrggghhh!!!!  This got me for a long time before I figured out what was happening.  That's one of the amazingly high number of reasons why I do not use Access for anything anymore.  However, jnhorst has this one right on the money.  This will forever be a sore spot for me.  

dougfosterNYC, the more I develop, the more I find that the Web.Config will almost never be the same in both environments.  However, the rest of the files (barring updates) will.  The reason for this is that on your development machine, you are running as yourself with what I assume is administrative (or close) privileges.  Whenever you perform network requests, YOUR Windows login credentials will always be used.  While developing with Visual Studio, a lot of that is so transparent now that it gets so easy to hit road blocks if you aren't paying attention.  It gets to where you oftentimes cannot tell if you are sending a request to IIS, or other way through the network and Windows.

This opens another big can of worms where you can use aspnet_wp.exe to authenticate all request types by file extension...
Thanks guys.  I basically got something running, although my web.config is different on each machine.  
** Correction for me - aspnet_wp.exe should be aspnet_isapi.exe **
D'oh!
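
A diagnostic for the situation discussed in this thread, added here as an example and not part of any participant's post: it reports which Windows account the request actually runs as, with and without impersonation, and whether that account can write the .mdb and create files in its folder. The class name `IdentityProbe` and the `~/db/site.mdb` path are hypothetical; it assumes ASP.NET on the .NET Framework.

```csharp
using System;
using System.IO;
using System.Security.Principal;
using System.Text;
using System.Web;

// Added diagnostic (hypothetical name). Call from a page on each server, e.g.
//   Response.Write("<pre>" + IdentityProbe.Report(Server.MapPath("~/db/site.mdb")) + "</pre>");
public static class IdentityProbe
{
    public static string Report(string mdbPath)
    {
        StringBuilder sb = new StringBuilder();

        // Account the request thread runs as. With impersonate="true" this is the
        // user IIS authenticated (or its anonymous account); otherwise the process account.
        sb.AppendLine("Thread identity : " + WindowsIdentity.GetCurrent().Name);

        // Impersonate(IntPtr.Zero) reverts to the worker process token until Undo().
        WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(IntPtr.Zero);
        try { sb.AppendLine("Process identity: " + WindowsIdentity.GetCurrent().Name); }
        finally { ctx.Undo(); }

        HttpContext http = HttpContext.Current;
        if (http != null && http.User != null)
            sb.AppendLine("IIS user        : '" + http.User.Identity.Name + "' (empty = anonymous)");

        // Jet must modify the .mdb and create its .ldb lock file in the same folder,
        // so both the file and the folder are probed as the current thread identity.
        string tmp = Path.Combine(Path.GetDirectoryName(mdbPath),
                                  Guid.NewGuid().ToString("N") + ".tmp");
        sb.AppendLine("Open .mdb r/w   : " + Probe(mdbPath, false));
        sb.AppendLine("Create in folder: " + Probe(tmp, true));
        return sb.ToString();
    }

    private static string Probe(string path, bool create)
    {
        try
        {
            FileMode mode = create ? FileMode.CreateNew : FileMode.Open;
            FileOptions opts = create ? FileOptions.DeleteOnClose : FileOptions.None;
            using (new FileStream(path, mode, FileAccess.ReadWrite,
                                  FileShare.ReadWrite, 4096, opts)) { }
            return "ok";
        }
        catch (UnauthorizedAccessException ex) { return "DENIED - " + ex.Message; }
        catch (IOException ex) { return "I/O error - " + ex.Message; }
    }
}
```

Comparing the output on the two servers, with the `<identity>` element present and absent, shows which account needs the NTFS permissions on each machine.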