2

I have an http handler that saves files on a remote location. For doing this I need specific permissions and the entire application is configured to work with impersonation (web.config setting)

This works perfect for all the pages (some other pages also needs the same specific permissions) but the impersonation is not working for http handlers, it simply doesn't impersonate.

This works perfect on IIS6 but not on IIS7. The application pool mode is classic

BlackICE
  • 8,816
  • 3
  • 53
  • 91
StackOverflower
  • 5,463
  • 13
  • 58
  • 89
  • 1
    This is by design. See: http://weblogs.asp.net/drnetjes/archive/2005/06/06/410508.aspx – Marco Miltenburg Oct 31 '11 at 14:09
  • @Marco Miltenburg: what is by design? I've read that blog before posting this question and it only says that impersonation doesn't work on http handlers but he doesn't say why. I'd like to know the reason so maybe I could fix with configurations instead of having to add code. Thanks! – StackOverflower Oct 31 '11 at 14:19
  • Sorry, my comment on it being by design was possibly premature. I missed the part where you said your app pool is in classic mode. At lot has changed though in IIS 7 concerning authorization, impersonation and thread identity. Although in classic mode IIS should behave the same as IIS 6 I won't be surprised if there are subtle differences. I was unable to find any details about differences but I found a rather complicated table in the book "Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB" on how it works in IIS 7 integrated mode. A lot of factors influence it. – Marco Miltenburg Nov 02 '11 at 21:15

1 Answers1

0

Why impersonate for file io permissions, that is what app pool identity is for? Set your handler's app pool's identity to a user that has permission to do the IO.

Specify an Identity for an Application Pool (IIS 7)

Configuring Application Pool Identity with IIS 6.0 (IIS 6.0)

rick schott
  • 21,012
  • 5
  • 52
  • 81
  • thank for your answer. For different reasons not related why this question I have to impersonate so changing app pool user is not an option. – StackOverflower Oct 31 '11 at 14:34