41

is there a way to run iisexpress app pool under a different identity other than the currently logged in user?

I am getting around this problem using the "runas" command currently but I would like to know if there is something built-in to iisexpress that I can utilize.

Dan F
  • 11,958
  • 3
  • 48
  • 72
theKing
  • 1,616
  • 4
  • 18
  • 23

5 Answers5

35

It looks like this should be possible. In your IIS Express site's applicationhost.config file, there is a <processModel/> element defined in <applicationPoolDefaults> under <applicationPools>

The <processModel> element has attributes for userName and password.

From MSDN:

Specifies that ASP.NET will run the worker process with a Windows identity that is different from the Windows identity for the default process identity. By default, this attribute is set to the Machine, and the process runs under a user account named ASPNET that is created automatically when ASP.NET is installed. The password for the ASPNET account is cryptographically generated at the time of installation. If valid credentials are presented in this attribute and the password attribute, the process is run with the given account.

This should allow you to run the site under different credentials from the logged in user.

Federico Navarrete
  • 3,069
  • 5
  • 41
  • 76
Adam Price
  • 10,027
  • 1
  • 20
  • 16
  • 16
    One way to get the path to the applicationhost.config file is to click on Show All Applications in the IIS Express System Tray icon. Then click on the application in question. There will be a link to the full config file path. – Daniel Ballinger Nov 04 '14 at 23:21
  • 1
    I'm having a hard time getting these changes picked up. I posted a question here: http://stackoverflow.com/questions/28820491/iis-express-does-not-seem-to-be-picking-up-changes-to-applicationhost-config Any ideas? – Dan Forbes Mar 02 '15 at 22:23
9

I could not get the above solution to work and I wanted to be able to debug through Visual Studio while running IIS Express under different credentials.

  1. Open the command prompt using "Run as administrator" (you need elevated privileges)
  2. Navigate to the directory of Visual Studio in the command prompt (in my case: "cd C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE" for VS2010).
  3. runas /netonly /user:[domain]\[userid] devenv.exe
  4. Open your solution from VS and complete your TFS credentials (if applicable).

You can now debug as normal under IISExpress (assuming this is how you have your project configured) under the run as credentials. This is great if you need to use integrated security for database connections or something similar but need to use different credentials.

Glade Mellor
  • 1,326
  • 17
  • 10
  • Worked for me, VS2017 on Win10. Note that if you've never run VS under the specified "runas" account then it'll need to setup from scratch, so it might be handy to have the product key available :-) – Phil Nicholas Jan 05 '19 at 03:15
  • 2
    Hi @PhilNicholas - that's where `/netonly` comes in to play: "When you start a program with RunAs /netonly, the program will execute on your local computer as the user you are currently logged on as, but any connections to other computers on the network will be made using the user account specified" – spottedmahn Oct 08 '20 at 20:45
6

"runas" is only the solution. IIS Express maynot respect processModel settings which are defined in applicationhost.config file.

vikomall
  • 17,379
  • 6
  • 49
  • 39
1

Runas /netonly IISExpress.exe from command line does work and is very viable if you're as desperate for an answer as we were. Related post

Community
  • 1
  • 1
Beej
  • 794
  • 8
  • 15
0

I wonder if this really works - IIS Express seems to run all application pools in the same process - and that process is executed in the context of the current user...?

Seems the "Run as" option could work, but that would require us to launch IIS Express from the command line (or build event) instead of relying on Visual Studio starting it up. :(

Ted Nyberg
  • 7,001
  • 7
  • 41
  • 72