
We have an intranet website that is deployed on IIS 6 with Windows authentication and ASP.NET Impersonation enabled. It works perfectly, but when we moved to IIS 8.5, logging (to a log file) seems to have stopped working. When we ran Process Monitor, it showed access denied to the folder where the logs are written. It also shows that it is impersonating the logged-in user to write the logs, whereas we want the system to use the app pool user to log. I tried everything available on the internet, from changing entries in applicationhost.config to adding location paths and adding a web.config to that particular location; nothing seems to work.

Update:

Just executed Process Monitor on the old server and below is the comparison. It is exactly the same, except the new server denies the access. In both cases, the impersonating user (logged-in user) tries to access the folder. I think it is something to do with the OS. The old server is Windows Server Standard and the new one is Windows Server 2012 R2 Standard.

Old Server

Operation:CreateFile
Result:SUCCESS
Path:XXXXX\log.txt
Desired Access:Generic Write, Read Attributes
Disposition:OpenIf
Options:Synchronous IO Non-Alert, Non-Directory File, Open No Recall
Attributes:n/a
ShareMode:Read, Delete
Impersonating:domain\username
OpenResult:Opened

New Server

Operation:CreateFile
Result:ACCESS DENIED
Path:XXXXX\log.txt
Desired Access:Generic Write, Read Attributes
Disposition:OpenIf
Options:Synchronous IO Non-Alert, Non-Directory File, Open No Recall
Attributes:n/a
ShareMode:Read, Delete
Impersonating:domain\username
Dharmesh Tailor
  • Select your website in IIS Manager in left pane, double click Authentication in right pane and then right click Anonymous Authentication and click Edit. In the dialog box ensure Application pool identity radio button is checked – Mohsin Mehmood Aug 26 '18 at 05:51
  • But doesn't that mean that all requests will use the app pool identity? – Dharmesh Tailor Aug 26 '18 at 06:24
  • App pool identity or custom identity. This setting will ensure that anonymous users will not be impersonated under IIS_Usr account – Mohsin Mehmood Aug 26 '18 at 06:46
  • The application pool is set to a certain domain account, while users have their individual domain accounts. So setting anonymous authentication to use the application pool identity means it will use that instead of the logged-in user identity? – Dharmesh Tailor Aug 26 '18 at 06:54
  • So if you edit `Anonymous Authentication` there are two options: `Specific user` or `Application Pool Identity`. If you want to use a certain domain account you can select the first option and then set the required domain account with username and password, and then anonymous users will be impersonated using that domain account – Mohsin Mehmood Aug 26 '18 at 07:23
  • Already tried that. Not working. – Dharmesh Tailor Aug 26 '18 at 07:44
  • Ok! Have you tried `ASP.NET Impersonation` option under selected website `Authentication`. You can enable it and then edit to set to a specific user account. Check this https://forums.iis.net/t/1228054.aspx – Mohsin Mehmood Aug 26 '18 at 07:54
  • Impersonation is already enabled and it needs to be logged in user, to access sql server reports based on logged in user permissions. – Dharmesh Tailor Aug 26 '18 at 11:51
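
An added example, not part of the original question or its comments: the Process Monitor traces show the log write running under the impersonated thread token, so one way to have only the log write use the process (app pool) identity is to drop the thread token around that single call. The class name, method names and log line layout are hypothetical, and the code assumes .NET Framework, where `WindowsIdentity.Impersonate(IntPtr.Zero)` is available.

```csharp
using System;
using System.IO;
using System.Security.Principal;

// Hypothetical helper: name, signature and line format are assumptions,
// not taken from the question.
public static class ProcessIdentityLog
{
    private static readonly object Gate = new object();

    public static void Append(string logPath, string message)
    {
        // Read the caller while the thread still carries the impersonation
        // token, so the log records who made the request.
        string caller = WindowsIdentity.GetCurrent().Name;

        lock (Gate)
        {
            // Impersonate(IntPtr.Zero) removes the thread token, so file
            // access is checked against the process token (the app pool
            // identity). Disposing the context restores the impersonated
            // user for the rest of the request, e.g. the report queries.
            using (WindowsImpersonationContext ctx =
                       WindowsIdentity.Impersonate(IntPtr.Zero))
            {
                string writer = WindowsIdentity.GetCurrent().Name;
                string line = string.Format(
                    "{0:o} caller={1} writer={2} {3}{4}",
                    DateTime.UtcNow, Clean(caller), writer,
                    Clean(message), Environment.NewLine);
                File.AppendAllText(logPath, line);
            }
        }
    }

    // Strip CR/LF so user-influenced text cannot forge extra log lines.
    private static string Clean(string s)
    {
        return (s ?? string.Empty).Replace("\r", " ").Replace("\n", " ");
    }
}
```

With this pattern the log folder's ACL needs write access for the app pool account only, rather than for every domain user who can reach the site.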

0 Answers