IIS & Web hosting: How to configure a website to use impersonation in IIS 7.0

I recently upgraded one of our webservers from IIS 6.0 to IIS 7.0. The upgrade process was not really seamless as I expected. In the past, I have upgraded many of our webservers but both new and old servers were running IIS 6.0. In case of IIS 6.0, it was pretty easy to export all website configuration from old server and import them to the new server.

This approach did not work with migration from IIS 6.0 to IIS 7.0. You cannot import the IIS settings from IIS 6.0 to IIS 7.0. Microsoft has provided some tools to make the migration easier, but setting up the tool itself was not an easy job. So finally I decided to go for manual setup of my websites - about 50 of them. I took about 1 week to complete this process since I was spending only about an hour a day for the upgrade process.

In this post, I would like to share one of the challenges I faced during the upgrade from IIS 6.0 to IIS 7.0

The user interface of IIS Manager is significantly changed in the new version. Discussing all change in IIS 7.0 is not in the scope for this article. I am going to talk about how to enable impersonation in IIS 7.0 websites.

One of our websites use Impersonation and a specific user account with special permissions to access certain system resources. The first step in enabling impersonation is, setting up the correct attributes in the web.config file:

<system.web>
<identity impersonate="true" password="xxxxxx" userName="xxxxxxx" />

By using the attribute impersonate="true", you are telling IIS that this website will be impersonating the configured user account.

Configure the website to use specific user account

The next step is, you need to go to IIS Manager and configure the user account you want to impersonate by this website.

Steps:

1. Open IIS Manager

2. Expand computer name

3. Expand websites

4. Click on the specific website for which you want to use impersonation

5. On the right panel, under the heading "IIS", double click "Authenticaion".

6. Right click on "ASP.NET Impersonation" and select "Edit"

7. Choose "Specific User".

8. Click the SET button to provide the specific user name and password.

Press OK at the popup dialog to complete this step on enabling impersonation for website in IIS 7.0.

How to choose process identity for Application Pool in IIS 7.0
To set the correct user identity for the application pool, follow the steps below:

1. Open IIS Manager

2. Click on "Application Pools" under the computer name

3. On the right panel, right click on the application pool name

4. Select "Advanced properties"

5. Select "Identity" under "Process Model".

6. Click on the button to set the user account.

7. Select "Custom account"

8. Click on the button to specify the user account and password.

9. Press "OK".

Recycle the app pool by right clicking on the application pool name and selecting "Recyle" on the right click context menu to ensure all configuration changes have taken place.

You are all set to use your application with the impersonated user account.

NOTE: If you are using Integrated Security in your connection string, make sure you create a user account in your database mapping the impersonated account and grant appropriate permissions.

How to configure a website to use impersonation in IIS 7.0

Post Comment: