I've got an asp.net app that relies on Request.LogonUserIdentity.Name to be populated with the username of the person logged onto the client machine. In IIS7 on the webserver, I've disabled Anonymous Authentication and enabled ASP.NET Impersonation & Windows Authentication. (I'm logging onto the webserver with a service account, not my own.) When I try to browse to the site from my desktop, I get prompted for my network credentials which fail – 401 Unauthorized.... I'm using .Net 3.5 sp Whatever. The server is running IIS 7.5.
Application Pool:
- Managed Pipeline Mode: Classic
- Load User Profile: false
- Identity: ApplicationPoolIdentity
Web Application:
- .NET Auth Rules: Allow All Users
- Enabled auth types: ASP.NET Impersonation, Windows
File-system Folder permissions:
- Creator Owner: Special Permissions
- Machine\IUsr: Read & Execute, List folder contents, Read
- Machine\System: Full Control
- My Domain Account: Full Control
- Machine\Administrators: Full Control
- Machine\Users: Read & Execute, List folder contents, Read
- Machine\IIS_IUSRS: Read & Execute, List folder contents, Read
- Trusted Installer: Full Control
I've tried adding Machine\Everyone and Domain\Domain Users with Read and also with Full Control and I'm still being blocked.
Best Answer
This is most likely from the loopbackcheck when testing locally on the server. I bet it works if you test it from another server.
Turn off the loopback check using method 2 from this page: http://support.microsoft.com/kb/896861. A reboot isn't required for your change.
As for permissions, with impersonation enabled it will need the authenticated user, plus the app pool user will be needed some some things. So, the key permissions to use are SYSTEM, Administrators, "IIS APPPOOL\{apppoolname}" and a group for the possible users that will authenticate.