I got a web site, who use Impersonation. When my anonymous user set to IUSR and the application pool identity set to NetworkService, some pages don't display. I get a blank page, with no error message.
If I put the anonymous user as ApplicationPoolIdentity and I put the pool identity to localSystem it's working fine.
If i put the anonymous user to an administrator user it's working fine.
I know I got a security problem, but I don't know what is the folder I need to set the security policy for everyting working fine.
I put read/write access to the web site folder to IUSR, IIS_IUSRS, network service and the group of my impersonate user.
Did some body have an idea what wong with my permission?
I also found this article, but with no success .. http://blogs.iis.net/webtopics/archive/2009/03/13/changes-to-application-pool-identities-in-iis-7-5-beta.aspx
Please refer to the article Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication.
This will give you a better understanding on the identity used by your ASP.NET application when impersonating. Give the necessary permission and you are good.
HTH
I found the problem.
http://forums.asp.net/p/1459236/3386036.aspx
There is the probleme
Microsoft has confirmed that this is a bug in .Net Framework 2.0, 3.0 and 3.5. Below is a quote from the e-mail I received from them:
"
The issue we are seeing is indeed a bug, and following is the explanation for the same.
Summary "The Params object is a collection of the QueryString, Form, Cookies, and ServerVariables object. When the params object is first created it adds each one of these objects to its collection in the FillInParamsCollection method. The first object to be stored is the QueryString object. If this object is not yet created, which in our case it is not, the constructor for this object tries to fill in the QueryString object. During this process it gets the encoding by calling a method on HttpRequest called GetEncodingFromHeaders(). This method specifically looks for a User-Agent that starts with "UP". If so it tries to retrieve the "x-up-devcap-post-charset" header from the Headers collection. However, since the Headers collection is not yet initialized it goes through its initialization routine as well. One of the things its initialization routine does, is set the Params collection to NULL. This is what causes the AV, when the FillInParamsCollection method tries to initialize the next object after the QueryString Object."
Workaround Pre-initialize the QueryString object to avoid the issue. Simply access Request.QueryString(). We don't have to do anything with it, just access it.
sample:
"
The solutions was to use in the code directly
Request["Value"]
and notRequest.Params["Value"]