How to Upload File using Application Pool identity instead of Logged User Identity- ASP.NET MVC Impersonation

Question

I am working on a ASP.NET MVC Web application. I have situation where i want to upload a file using application pool identity instead of Logged user identity. I want to use app pool identity only while uploading Files. All other places ,I want to use Logged user identity Itself. Application is hosted in two servers, Server1 and Server2.Shared folder is located in Server1.

Currently I am uploading Files as shown below

    [HttpPost]
    public JsonResult Upload()
    {
         string fileUniqueName = string.Empty;

        try
        {
            for (int i = 0; i < Request.Files.Count; i++)
            {
                HttpPostedFileBase file = Request.Files[i];
                string fileName = file.FileName;
                fileUniqueName = string.Format("{0}_{1}_{2}",
                Path.GetFileNameWithoutExtension(file.FileName),
                DateTime.Now.ToString("yyyyMMdd_HHmmss_FFF"),
                Path.GetExtension(file.FileName));
                string tempFileUploadFolderPath = ConfigurationManager.AppSettings["TempFolderPath"];
                Directory.CreateDirectory(tempFileUploadFolderPath);
                string fileFullpath = Path.Combine(tempFileUploadFolderPath, fileUniqueName);
                file.SaveAs(fileFullpath);
            }
        }
        catch(Exception)
        {
            Response.StatusCode = (int)HttpStatusCode.BadRequest;
            return new JsonResult
            {
                Data = ""
            };
        }
        
        return new JsonResult
        {
            Data = fileUniqueName
        };
    }

I have below setting in web.config

<authentication mode="Windows" />
<identity impersonate="true" />

Can anyone help to rewrite above code where File Upload works on Application Pool Identity instead of logged user identity. File is uploading to folder where Application is hosted.

Answer 1

After reading the document and actual testing, I can now give you a detailed answer.

As you mentioned in the previous thread, if users in the non-AD group want to be able to upload files to the folder, they need to perform the upload operation as the application pool identity. But you have enabled impersonation, so when you log in as a non-AD group user, IIS will override the application pool identity with your logged-in account. If impersonate is set to false, the upload will be performed as the application pool identity and the file will be saved to the folder.

However, if impersonate is set to false in the entire site, any operations performed by non-AD users on other pages will also be performed as the application pool identity.

So you can set impersonate to true for the entire site, only the upload page impersonate is false. Just select the view folder in IIS, switch to content view, select a cshtml and right-click switch to the teatures, and then disable impersonate in authentication. Like this

Some useful blog you can refer to: Users access to disk

When using Windows authentication, the application pool identity (e.g. IIS Apppool\Site001) is used for some access but the Windows account (e.g. User1) is used for other access. It depends on the impersonation settings of your application or framework that you’re using. Therefore, you would generally need to grant access to the application pool identity, plus every Windows account (e.g. User1, User2, User99) which needs access to your site.

Identiies in IIS

Answer 2

You should be able to control authentication settings per path using the <location> element in web.config.

Something like this:

<location path="/upload">
  <system.web>
     <authentication mode="Windows"/>
     <identity impersonate="false"/>
  </system.web>
</location>