
So - after much research, it appears that the <identity impersonate="true"> only works AFTER the Application_Start event fires.

Does anyone know any workaround to this problem? I have an application which needs to create the database when the application first starts. The user that the IIS website runs as has the appropriate permissions to do so in a way that the APP_POOL user SPECIFICALLY DOES NOT have.

My current HACK solution is to put (pseudo code)

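static bool AppInitialized = false;
static readonly object InitLock = new object();

// Runs once per session, after impersonation is in effect.
void Session_Start() {
   // Lock so that two sessions starting at once cannot both run the initialization.
   lock (InitLock) {
     if (!AppInitialized) {
       InitializeApp();
       // Set the flag only after initialization succeeds, so a failed run is retried.
       AppInitialized = true;
     }
   }
}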

impersonate=true will be "in effect" by the time a specific session is starting - and so this WORKS, but seems silly since I'm basically re-creating the behavior of the Application_Start event. Seems like there MUST be a more elegant solution to this problem - no?

eejai42

1 Answer


That is strange -- I have this entry in my web.config file:

<identity impersonate="true" password="blarhg" userName="thisuser"/>

And when I check the identity on the Application_Start() event, it's giving me "thisuser".

Is that not correct?

Losbear
  • Yes - that is correct. The problem is when you are trying to detect the authenticated user's identity. In other words, if you specify a username/password in the identity field, it is available during the Application Start event. If you want the identity of the authenticated user, it is available at Session_Start but not during Application_Start. During the Application_Start event, the APP_POOL identity is used, which is PRECISELY the user I do NOT want to give access to my database... Does that make sense? – eejai42 Jul 11 '12 at 15:28
  • It makes sense, but I'm trying to think of how/why you'd want to do that lol =) Were you thinking you'd login to your app to start the application? The APP POOL will recycle every so often (I think default is 90min.), so the application will stop & start multiple times throughout the day. If there is a certain process you want to start when the app starts (and the user doing it is important), you should probably manually authenticate a user/account and run your process and then release the impersonation. Hope this helps – Losbear Jul 12 '12 at 16:29
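
The approach suggested in the last comment (log on a specific account, run the start-up work, then release the impersonation), shown as an added example that is not part of the original thread. The appSettings key names are hypothetical, InitializeApp stands in for the question's database-creation routine, and the code assumes .NET Framework on Windows.

```csharp
using System;
using System.ComponentModel;
using System.Configuration;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Web;

public class Global : HttpApplication
{
    // Logon type 8 yields a token that can also authenticate outbound connections (e.g. to SQL Server).
    private const int LOGON32_LOGON_NETWORK_CLEARTEXT = 8;
    private const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    protected void Application_Start(object sender, EventArgs e)
    {
        // Hypothetical key names (assumption); store them in an encrypted config section.
        string user = ConfigurationManager.AppSettings["DbSetupUser"];
        string domain = ConfigurationManager.AppSettings["DbSetupDomain"];
        string password = ConfigurationManager.AppSettings["DbSetupPassword"];

        IntPtr token;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NETWORK_CLEARTEXT,
                       LOGON32_PROVIDER_DEFAULT, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        try
        {
            // Only the code inside this using block runs as the setup account.
            using (WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(token))
            {
                InitializeApp();
            } // Dispose() reverts the thread to the app pool identity, even if InitializeApp throws.
        }
        finally
        {
            CloseHandle(token); // release the logon token in every case
        }
    }

    // Placeholder (assumption) for the question's database-creation routine.
    private static void InitializeApp() { }
}
```

Because the impersonation is scoped to the using block, the app pool identity never needs database-creation rights, and the setup runs again cleanly after each app pool recycle.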