I'm developing a web app that performs Active Directory updates using LDAP.
When I host the app on IIS 7, I get the "Access is denied" error at the statement directoryEntry.CommitChanges();
Then I found out that the application pool is using the identity "IIS APPPOOL\ASP.NET v4.0" to perform the update.
I need the Windows account of the user who is using the web application to be the identity of the application pool.
I have done the following:
- Added <authentication mode="Windows" /> in web.config
- Disabled anonymous authentication on IIS
- Selected the built-in account "ApplicationPoolIdentity" as the application pool's identity
But I still haven't got it to work.
Best Answer
The concept you are looking for is called Impersonation.
From the documentation:
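
One way to apply impersonation around the CommitChanges() call from the question, as an added example that is not part of the original answer or of the documentation it refers to. The class name AdUpdater and the parameters ldapPath, attribute and value are hypothetical; the code assumes .NET Framework with System.Web and System.DirectoryServices, Windows authentication enabled and anonymous authentication disabled.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Principal;
using System.Web;

public static class AdUpdater
{
    // ldapPath, attribute and value are hypothetical parameters for illustration.
    public static void UpdateAsCaller(string ldapPath, string attribute, string value)
    {
        // With Windows authentication on and anonymous access off, the request
        // carries the browser user's WindowsIdentity rather than the pool identity.
        var caller = HttpContext.Current.User.Identity as WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated || caller.IsAnonymous)
            throw new UnauthorizedAccessException(
                "No authenticated Windows identity on this request.");

        // An Identification-level token can be inspected but not used to act
        // as the user, so fail early instead of at CommitChanges().
        if (caller.ImpersonationLevel < TokenImpersonationLevel.Impersonation)
            throw new UnauthorizedAccessException(
                "The caller's token does not permit impersonation.");

        // Impersonate only for the directory write. Disposing the context
        // reverts the thread to the application pool identity, so the rest of
        // the request does not run with the user's rights.
        using (WindowsImpersonationContext ctx = caller.Impersonate())
        using (var entry = new DirectoryEntry(ldapPath))
        {
            entry.Properties[attribute].Value = value;
            // Executes as the signed-in user; AD permissions are evaluated
            // against that account, not "IIS APPPOOL\ASP.NET v4.0".
            entry.CommitChanges();
        }

        // Caveat: when the domain controller is a different machine from the
        // web server, the impersonated token must also be delegable (Kerberos
        // delegation configured for the server), otherwise the bind to AD is
        // not made as the user and the write can still be denied.
    }
}
```

Scoping impersonation to the single write keeps the application pool's low-privilege identity for everything else and makes each AD change attributable to the user who requested it.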