How to configure a website to use impersonation in IIS 7.0

In this post, I will discuss how to configure a website properly to use impersonation in IIS 7 and share my experience in upgrading from IIS 6.0 to IIS 7.0

I recently upgraded one of our webservers from IIS 6.0 to IIS 7.0. The upgrade process was not really seamless as I expected. In the past, I have upgraded many of our webservers but both new and old servers were running IIS 6.0. In case of IIS 6.0, it was pretty easy to export all website configuration from old server and import them to the new server.

This approach did not work with migration from IIS 6.0 to IIS 7.0. You cannot import the IIS settings from IIS 6.0 to IIS 7.0. Microsoft has provided some tools to make the migration easier, but setting up the tool itself was not an easy job. So finally I decided to go for manual setup of my websites - about 50 of them. I took about 1 week to complete this process since I was spending only about an hour a day for the upgrade process.

In this post, I would like to share one of the challenges I faced during the upgrade from IIS 6.0 to IIS 7.0

The user interface of IIS Manager is significantly changed in the new version. Discussing all change in IIS 7.0 is not in the scope for this article. I am going to talk about how to enable impersonation in IIS 7.0 websites.

One of our websites use Impersonation and a specific user account with special permissions to access certain system resources. The first step in enabling impersonation is, setting up the correct attributes in the web.config file:

<identity impersonate="true" password="xxxxxx" userName="xxxxxxx" />

By using the attribute impersonate="true", you are telling IIS that this website will be impersonating the configured user account.

Configure the website to use specific user account

The next step is, you need to go to IIS Manager and configure the user account you want to impersonate by this website.


1. Open IIS Manager

2. Expand computer name

3. Expand websites

4. Click on the specific website for which you want to use impersonation

5. On the right panel, under the heading "IIS", double click "Authenticaion".

6. Right click on "ASP.NET Impersonation" and select "Edit"

7. Choose "Specific User".

8. Click the SET button to provide the specific user name and password.

Press OK at the popup dialog to complete this step on enabling impersonation for website in IIS 7.0.

How to choose process identity for Application Pool in IIS 7.0
To set the correct user identity for the application pool, follow the steps below:

1. Open IIS Manager

2. Click on "Application Pools" under the computer name

3. On the right panel, right click on the application pool name

4. Select "Advanced properties"

5. Select "Identity" under "Process Model".

6. Click on the button to set the user account.

7. Select "Custom account"

8. Click on the button to specify the user account and password.

9. Press "OK".

Recycle the app pool by right clicking on the application pool name and selecting "Recyle" on the right click context menu to ensure all configuration changes have taken place.

You are all set to use your application with the impersonated user account.

NOTE: If you are using Integrated Security in your connection string, make sure you create a user account in your database mapping the impersonated account and grant appropriate permissions.

Article by Tony John
Tony John is a professional blogger from India, who started his first Weblog in 1998 at Tony switched to blogging as a passion blended business in the year 2000 and currently operates several popular web properties including,, and many more.

Follow Tony John or read 638 articles authored by Tony John

Related Articles

IIS App pool crashing on startup

Today I found my IIS application pool crashes on start up with the following error: The identity of application pool is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request.

More articles: IIS Server IIS Server Web Servers IIS Server


Guest Author: Pablo13 Sep 2013

In my case I didn't have to put the username and password on the web.config file. I just have the identity impersonate=”true”.
I would like to know what will happen if the credentials entered changed? Do we have to re-enter them on the IIS again?

Guest Author: wanttolearn116 Nov 2013

Should i use impersonate like in this case :

Can you explain more in detail when to use impersonate in IIS 7?

Guest Author: Scott13 Jul 2015

I'm using IIS 8 and want to use Impersonation when running a .ashx web handler. If I create a directory under wwwroot and place my .ashx file there, do I need a web.config file there? If not, where is the web.config file that I need to update?

  • Do not include your name, "with regards" etc in the comment. Write detailed comment, relevant to the topic.
  • No HTML formatting and links to other web sites are allowed.
  • This is a strictly moderated site. Absolutely no spam allowed.
  • Name: