We have an ASP.NET Site in .NetFramework 2 (with App Pool 2 Classic in IIS 7.5), We use mixed Authentication with Basic Authenticate
and Form Authenticate
.
The Configuration in IIS is:
And have specific user in Anonymous Authentication named: Guest
.
When The user Login with another username like Admin
we use impersonate:
string Token = GetSpecificTokenOfCurrentUser();
System.Security.Principal.WindowsIdentity WinUser = (WindowsIdentity) HttpContext.Current.Application["User_"+Token];
WinUser.Impersonate();
So every thing is perfect until we upgrade website to .NetFramework 4 and add a lot of features in .NET 4 to website, and we figured we have a new Problem.
The problem is the user login with Admin
And open some pages (3-4) all together in same time, like quickly opened in new tab, the User Not impersonated in some cases. Like the first page impersonated correctly to Admin
but another pages not impersonated and still have Guest
User.
This is so weird, we don't have any changes in Authentication Part. the changes is we upgrade to .NetFrameWork 4 and App Pool is .NetFrameWork 4 - Classic.
We have a test in .Net 2 Version Of Website. every thing is OK, but we change the App Pool to .NetFrameWork 4 and the problem was shown.
So The question is what changes happened in .NetFramework 4 App Pool to Impersonate?
Is there any thing we missed? any suggestion?