
We have upgraded an ASP.NET web application from IIS6 to IIS7 integrated mode. Our application uses:

<identity impersonate="true"/>

and therefore we have had to set:

<validation validateIntegratedModeConfiguration="false" />

Is this sensible? My instincts say not, but searching on Google for this issue, this "workaround" is suggested on every page visited.

Is impersonation no longer a good practice in IIS7 integrated, and should we abandon it and come up with a different solution?

Greg Tarr
  • You may have better luck asking on serverfault.com as this is an IIS configuration question more than it's a programming question =) – Rob Mar 07 '12 at 06:34
  • It was my understanding that impersonation was frowned upon even on IIS6. I'd look into why you need to impersonate & what you can do to remove it, as you're kinda making life hard for yourself, as you can't use any of the new security features in IIS7 – Simon Halsey Dec 24 '13 at 04:02
  • @SimonHalsey Thanks. Have you got any references for the suggestion of bad practice? I think the main reason was for database purposes – Greg Tarr Dec 24 '13 at 12:41
  • The biggest problem with impersonation is setting the account up correctly & ensuring it is sufficiently restricted. IIS7 introduced app pool identities, which do all the work for you. – Simon Halsey Dec 24 '13 at 19:51

1 Answer

@GregT: Below are the links that answer your question:

http://forums.iis.net/t/1150266.aspx
http://mvolo.com/breaking-changes-for-aspnet-20-applications-running-in-integrated-mode-on-iis-70/

As I understand it, that specific line of code is added to log issues as errors and perform the necessary operation.

Venkatesh Ellur
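
An added example (not from the question, the answer, or the linked articles): a small Python audit that flags a web.config combining `<identity impersonate="true"/>` with `validateIntegratedModeConfiguration="false"`, the pairing discussed above, and notes any fixed account password kept in the file. The sample config, the account name, the finding codes and the function names are constructed for illustration, and the file is assumed to carry no XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config reproducing the combination from the question.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <identity impersonate="true" />
  </system.web>
  <location path="reports">
    <system.web>
      <identity impersonate="true" userName="svc_reports" password="example-only" />
    </system.web>
  </location>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
  </system.webServer>
</configuration>"""


def _is_true(value):
    return (value or "").strip().lower() == "true"


def audit_web_config(xml_text):
    """Return a list of (code, scope, message) findings for one web.config."""
    root = ET.fromstring(xml_text)
    findings = []
    # <identity> may appear at the root or inside <location path="..."> blocks.
    scopes = [("/", root)] + [(loc.get("path", "."), loc) for loc in root.iter("location")]
    impersonating = False
    for scope, node in scopes:
        ident = node.find("system.web/identity")
        if ident is None or not _is_true(ident.get("impersonate")):
            continue
        impersonating = True
        findings.append(("IMPERSONATION", scope, "request code runs as an impersonated identity"))
        if ident.get("password") is not None:
            findings.append(("STORED_CREDENTIAL", scope, "fixed account password stored in config"))
    for val in root.iter("validation"):
        if (val.get("validateIntegratedModeConfiguration") or "").strip().lower() == "false":
            code = "VALIDATION_OFF_WITH_IMPERSONATION" if impersonating else "VALIDATION_OFF"
            findings.append((code, "/", "integrated-mode configuration check is suppressed"))
    return findings


if __name__ == "__main__":
    for code, scope, message in audit_web_config(SAMPLE_WEB_CONFIG):
        print(f"{code:34} {scope:8} {message}")
```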