Login/Register
Is it safe to set validateIntegratedModeConfiguration=false in order to continue using identity impersonate=true?
Asked Answered
asp.netiis-7iis-6impersonationintegrated-pipeline-mode
V

1

15

We have upgraded an ASP.NET web application from IIS6 to IIS7 integrated mode. Our application uses:

<identity impersonate="true"/>

and therefore we have had to set:

<validation validateIntegratedModeConfiguration="false" />

Is this sensible? My instincts say not, but searching on google for this issue, this "workaround" is suggested on every page visited.

Is impersonation no longer a good practice in IIS7 integrated, and should we abandon it and come up with a different solution?

Villeinage answered 6/3, 2012 at 16:13 Comment(4)
You may have better luck asking on serverfault.com as this is an IIS configuration question more than it's a programming question =)Suspensoid
It was my understanding that impersonation was frowned upon even on IIS6. I'd look into why you need to impersonate & what you can you do remove it, as you're kinda making life hard for yourself, as you can't use any of the new security features in IIS7Attar
@SimonHalsey thanks. have you got any references for the suggestion of bad practice? I think the main reason was for database purposesVilleinage
The biggest problem with impersonation is setting the account up correctly & ensuring it is sufficiently restricted. IIS7 introduced app pool identities which does all the work for you.Attar
C
4

@GregT: Below is the link that answers your question

http://forums.iis.net/t/1150266.aspx
http://mvolo.com/breaking-changes-for-aspnet-20-applications-running-in-integrated-mode-on-iis-70/

As I understand that specific line of code is added up to log issues as errors and perform the necessary operation.

Copland answered 3/1, 2014 at 12:26 Comment(1)
helpful links but some extra info on the practice of impersonation would be welcomeVilleinage

© 2022 - 2024 — McMap. All rights reserved.