I have an internal intranet application that requires custom impersonation to access some documents stored on a network server for a small number of pages within the site. The application requirement is to not impersonate a user by default - only in the cases where elevated access to company files is required. As such I have implemented a class based on the information here: http://support.microsoft.com/d...
The file is being sent to the client via an MVC 3 controller returning a FileResult object, i.e. return new file(...). All of the controller code is wrapped by a using statement that implements a class based on the impersonation code in the article above.
The class and code work perfectly on my local machine and elevated users can download the required files (Windows 8.1, IIS version 8.5).
However, when deployed to Windows Server 2008 R2 I get a not authorised security exception thrown when trying to return the file.
On my local machine the app pool is set to use "ApplicationPoolIdentity". This was also true on the server.
In order to make it work I changed the App Pool identity on the server to be "local system" after reading that the app pool identity user must have the "Act as part of the operating system" privilege, which the ApplicationPoolIdentity does not. This seemed odd as it works fine on my machine and I have never set this. Also, the article says that setting only applies to apps using .NET 1.0. However, I made the change and then it worked correctly.
It is written that setting the app pool to use the local system account is not good practice so I was wondering if you had any advice on how to make this work on Server 2008 R2 while still using the "ApplicationPoolIdentity" process identity.
Thanks