IIS Web Application & Virtual Directory Access

Posted on 2012-09-20
Last Modified: 2012-09-21
I currently have a web application that runs under an app pool impersonating a domain account (my webserver is on the domain).

I am trying to setup a virtual directory within this web application that contains numerous pdf's that will be displayed to the user on the webpage.

When setting up the virtual directory i can test the connection and get a green light, saying the app pool identity has access to the folder.  I have verified the share and security permissions on the physical folder and the app pool impersonate account has full rights.

When the webpage loads it displays the pdf in an iframe.  This works when I have Anonymous Authentication turned on in the virtual directory settings (IUSR) but as soon as I disable this and want it to use windows auth (assuming it is going to use the app pool identity) the pdf will not display and prompts for a login.  I have even tried turing on ASP.Net impersonation for the virtual directory and specifically enter my domain app pool account and it still does not display the pdf.

Is this normal behavior?
Does the local IUSR account have some special setting (security) that my domain account (currently a domain admin acct while I am testing) would not have?
Question by:kiptacula
    1 Comment
    LVL 30

    Accepted Solution

    Yes, that does make sense.

    App Pool Identity and ASP.NET Impersonation are 2 different things. AppPools are what IIS uses to manage a worker process. ASP.NET Impersonation is at the application level in the web.config of an application. Using impersonation in the web.config allows you to override the set Identity configured in the AppPool.  Think of it as worker process vs application.

    Essentially, you will need to modify your web.config to impersonate if you are using windows authentication and disabling anonymous.

      <authentication mode="Windows"/>
        <identity impersonate="true" userName="<domain>\<UserName>" password="<password>"/>

    Have a look at:
    ASP.NET Impersonation documentation:

    Using IIS Authentication with ASP.NET Impersonation:

    You can also modify your page to show the security ID as such.

    Hope it helps,

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Debug Tools to analyse IIS process: This article focus on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hangs/causes more CPU usage. To take dumps,download the following. Install1: To st…
    Lync server 2013 Backup Service Error ID 4049 – After File Share Migration
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now