使用IUSR而不是应用程序池标识的ASP.NET Web服务

Question

This question seems to be similar to this one: IIS site not using identity specified in app pool IIS 7 + However, there are no answers there.

There's a tl;dr at the bottom.

A thing to keep in mind is that I'm not the one who set up the server so they may have changed some settings I don't know about.

We have an ASP.NET web service running on IIS 7. The web service is set to use DefaultAppPool, and the app pool's Identity is set to a domain user (let's say it's "localdomain\\user1").

The web service was unable to save to a certain network folder, so we gave localdomain\\user1 read/write permissions to that folder. It still can't save there, however.

I can't remote debug, and it works fine on my own computer (probably because it's running in Visual Studio's IIS express and my user does have access), so I tried to change the web service so that the error message contains the user name it's running under.

If I use Environment.UserName to get it, the result is "IUSR". If I use System.Security.Principal.WindowsIdentity.GetCurrent().Name , it returns "NT AUTHORITY\\IUSR".

Unless the above methods are not reliable, the web service seems to be running under the default user (IUSR) and not the one set in its application pool. I can't figure out why, can anyone explain?

EDIT: The Task Manager on the server, if I log in using RDP, shows that the w3wp.exe process IS being run by user1. I'm not sure which one to believe.

Thank you.

tl;dr : The web service's application pool is set to a domain user, but it seems to be running under IUSR anyway. How do I prevent that?

Answer 1

Impersonation was the issue. I didn't know this was a setting in the web service's web.config.

Changing <identity impersonate="true"/> to <identity impersonate="false"/> allows it to run as localdomain\\user1.