IIS Not using anonymous impersonation

M

MattC

Hi,

I havea web app that has anonymous accesss enabled. I have specified that
IIS should have the credentials of a user in the active directory. This
user has rights to my SQL Server database.

In my web.config file I have impersonate=true set.

However when I try to access my website an error is produced. On checking my
error log it shows that it failed due to the fact that the user trying to
acccess the database has no rights. Instead of using the user specified in
IIS it seems IIS is using the domain and username of the client, not what I
want.

How do I get IIS to use the user specified in the Directory Security tab of
the web app's properties in IIS?

I have anonymous access ticked and Integrated authentication ticked (without
the second no access at all is allowed).

TIA

MattC
 
P

Paul Clement

¤ Hi,
¤
¤ I havea web app that has anonymous accesss enabled. I have specified that
¤ IIS should have the credentials of a user in the active directory. This
¤ user has rights to my SQL Server database.
¤
¤ In my web.config file I have impersonate=true set.
¤
¤ However when I try to access my website an error is produced. On checking my
¤ error log it shows that it failed due to the fact that the user trying to
¤ acccess the database has no rights. Instead of using the user specified in
¤ IIS it seems IIS is using the domain and username of the client, not what I
¤ want.
¤
¤ How do I get IIS to use the user specified in the Directory Security tab of
¤ the web app's properties in IIS?
¤
¤ I have anonymous access ticked and Integrated authentication ticked (without
¤ the second no access at all is allowed).

I think what's happening is that Integrated authentication is being used because Anonymous
authentication is being denied access to a resource. You need to set up NTFS file permissions
correctly for the Anonymous account that you are attempting to impersonate.

The fact that you're being denied access when using Anonymous access exclusively would indicate that
the Anonymous account does not have sufficient permissions to access the web application resources.


Paul ~~~ (e-mail address removed)
Microsoft MVP (Visual Basic)
 
M

MattC

Paul,

Spot on. Somehow my application's user account password was reset, i didn't
realise that the the failover for access denied is to use Integrated
authentication, makes sense now that I think of it.

Thanks for your time

MattC
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Impersonation and Anonymous User 1
anonymous access + impersonation 5
impersonation 3
Windows + Anonymous Authentication 0
need OS user login name (but require anonymous IIS) settings 0
Impersonation 2
IIS Management and ASP.Net Impersonation 5
web.config and Anonymous Authentication problems ??? 0

Members online

Total: 24 (members: 1, guests: 23)
Robots: 623

Forum statistics

Threads
473,769
Messages
2,569,581
Members
45,057
Latest member
KetoBeezACVGummies

Latest Threads

Top