1

I have an application that is getting a System.UnauthorizedAccessException error when it tries to read from the file system.

I looked at the app pool and I see that it is using Network Service for its identity. The IIS application is allowing anonymous authentication using an existing account, let's call it IUSR-MYSERVER. It also has Integrated Windows authentication enabled.

If I go to the folder in question and Add Everyone with Read+Execute permissions the error goes away. But if I add IUSR-MYSERVER or NETWORK SERVICE with the same permissions, I still get the same error.

When I look at the error's entry in my Event Log it has the User as N/A.

What user is my application trying to access the file system as? I assume it would be bad to just use Everyone?

Abe Miessler

1 Answer

0

If the web application uses impersonation, then the file would be accessed by the currently logged in user (or IUSR for anonymous users) - using Integrated Windows Authentication and IE would result in single sign on so the user opening the browser would be accessing the file.

If impersonation is not used, then the application pool identity is used.

To determine the currently logged in user in code, use System.Threading.Thread.CurrentPrincipal.Identity.Name - but note that this does not represent the account which is accessing the file.

To determine the actual identity under which the code is executing, use System.Security.Principal.WindowsIdentity.GetCurrent().Name.

Knaģis
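The two identity lookups named in the answer, combined with a dump of the folder's ACL so the exact account or group that needs Read access can be granted instead of Everyone. This is an added example, not code from the question or the answer; the class name `AccessDiagnostics`, the method `Describe` and its `folder` parameter are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Text;
using System.Threading;

// Hypothetical helper (not from the original post): call it from the failing
// request and write the returned text to your own log.
public static class AccessDiagnostics
{
    public static string Describe(string folder)
    {
        var sb = new StringBuilder();

        // Authenticated caller as the application sees it; NTFS does not check this.
        sb.AppendLine("Thread.CurrentPrincipal: " +
                      (Thread.CurrentPrincipal?.Identity?.Name ?? "(none)"));

        // Windows token the thread is running under; NTFS access checks use this one.
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            sb.AppendLine("WindowsIdentity:     " + id.Name + " (" + id.User + ")");
            sb.AppendLine("Impersonation level: " + id.ImpersonationLevel);
            if (id.Groups != null)
                foreach (IdentityReference g in id.Groups)
                    sb.AppendLine("  member of " + g.Value); // group SIDs in the token
        }

        try
        {
            // Reading the ACL itself requires the Read Permissions right on the folder.
            DirectorySecurity acl = new DirectoryInfo(folder).GetAccessControl();
            foreach (FileSystemAccessRule r in
                     acl.GetAccessRules(true, true, typeof(SecurityIdentifier)))
                sb.AppendLine("  ACE " + r.AccessControlType + " " +
                              r.IdentityReference.Value + " " + r.FileSystemRights);
        }
        catch (UnauthorizedAccessException ex)
        {
            sb.AppendLine("Cannot read ACL: " + ex.Message);
        }
        return sb.ToString();
    }
}
```

Compare the user and group SIDs in the token with the SIDs on the Allow and Deny entries: the folder needs a Read entry for one of the token's SIDs, and no Deny entry matching any of them.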