Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
Sharepoint impersonates the IUSR account and is denied access to resources
Article ID: 2686411 - View products that this article applies to.
Consider the following scenario:
You have configured a Forms-based authentication Web Application on a Sharepoint 2010 Server.
On trying to generate an Audit report, you receive the following error:
System.Runtime.InteropServices.COMException: Error HRESULT E_FAIL has been returned from a call to a COM component.
You investigate the process execution using Process Explorer ( http://technet.microsoft.com/en-us/sysinternals/bb896653
(http://technet.microsoft.com/en-us/sysinternals/bb896653)) and notice that the process includes a lot of
Token NT AUTHORITY\IUSR:3e3
You may receive the following error in SQL:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'
This is expected behavior at the time of creation of this article.
The knowledge base article 979917
This hotfix makes a new application setting available in ASP.NET 2.0. The new application setting is 'aspnet:AllowAnonymousImpersonation'. You can enable this setting by adding the following section to the Web.config file:
To enable this setting, you must have IIS 7 or IIS 7.5 running in Integrated mode. When this setting is enabled, the application runs under the security context of the IUSR identity.
Additionally, creating a Forms-based Authentication Web Application will enable the setting and set it to true.
To workaround the issues, you need to determine if the setting is mandatory for your environment, and if not, you can set it to 'false'.
Be advised that editing the Authentication provider for the web application will re-set the setting to the default value (true).
(http://go.microsoft.com/fwlink/?LinkId=151500)for other considerations.