PRB: "Access denied" Error Message When You Run an ASP.NET 1.0 Application in IIS 6.0


When you run an ASP.NET Web Application project on a computer running Windows Server 2003 with the .NET Framework 1.0 installed, and the Internet Information Services (IIS) 6.0 is running in IIS 5.0 isolation mode, you may receive the following error message if you do not grant the seImpersonatePrivilege function to the ASPNET account:
System.Web.HttpException: Access denied to 'd:\inetpub\wwwroot\ImpersonateTest\WebForm1.aspx'. Failed to start monitoring file changes.


To resolve this problem, grant the seImpersonatePrivilege to your ASPNET account. To do so, follow these steps:
  1. Click Start, point to
    Settings, and then click Control Panel.
  2. Double-click Administrative Tools.
  3. Double-click Local Security Policy. Under
    Local Policies, click User Rights Assignment.
  4. In the details pane, double-click Impersonate a client after authentication.
  5. Click Add, and then assign the permission to the local account that you name ASPNET.
  6. Open a command prompt, and then type


This behavior is by design.

More Information

Steps to Reproduce the Behavior

Create an ASP.NET Web Application Project

  1. In Microsoft Visual Studio .NET, use Microsoft Visual Basic .NET or Microsoft Visual C# .NET to create a new ASP.NET Web Application project. By default, WebForm1.aspx is created. Name the project
  2. Double-click Design View of WebForm1.aspx, and then replace the code that exists in the code-behind page with the following code:

    Visual C# .NET Code
    using System;
    using System.IO;

    namespace ImpersonateTest
    /// <summary>
    /// Summary description for WebForm2.
    /// </summary>
    public class WebForm1 : System.Web.UI.Page
    string file_name = "C:\\TestFolder\\MyFile.txt";
    private void Page_Load(object sender, System.EventArgs e)
    if (!File.Exists(file_name))
    Response.Write("File not found ");
    StreamReader sr = File.OpenText(file_name);
    String input;
    while ((input=sr.ReadLine())!=null)


    #region Web Form Designer generated code
    override protected void OnInit(EventArgs e)
    // CODEGEN: This call is required by the ASP.NET Web Form Designer.

    /// <summary>
    /// Required method for Designer support - do not modify
    /// the contents of this method with the code editor.
    /// </summary>
    private void InitializeComponent()
    this.Load += new System.EventHandler(this.Page_Load);
    Visual Basic .NET Code
    Imports System.IO
    Imports System

    Public Class WebForm1
    Inherits System.Web.UI.Page

    #Region " Web Form Designer Generated Code "

    'This call is required by the Web Form Designer.
    <System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()

    End Sub

    Private Sub Page_Init(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Init
    'CODEGEN: This method call is required by the Web Form Designer
    'Do not modify it using the code editor.
    End Sub

    #End Region
    Dim file_name As String = "C:\TestFolder\MyFile.txt"
    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load

    If Not File.Exists(file_name) Then

    Response.Write("File not found ")

    End If

    Dim sr As StreamReader = File.OpenText(file_name)
    Dim input As String
    input = sr.ReadLine()
    While Not input Is Nothing
    input = sr.ReadLine()
    End While
    End Sub
    End Class
  3. On the Build menu, click
  4. Create a folder named
  5. Open Microsoft Notepad, create a text file, and then save the file as MyFile.txt in the following location:

Create a User Account

  1. Click Start, point to
    All Programs, point to Administrative Tools, and then click Computer Management.
  2. In Computer Management, expand System Tools, and then expand Local Users and Groups.
  3. Right-click Users, and then click
    New User.
  4. In the User Name text box, type
    ImpersonateUser. In the Password and in the
    Confirm Password text boxes, type the word,
    password. Click to clear the User must change password at next logon check box.
  5. Click Create, and then click

Add a User Account to the IIS_WPG Group

  1. Click Start, point to
    All Programs, point to Administrative Tools, and then click Computer Management.
  2. In Computer Management, expand
    System Tools, expand Local Users and Groups, and then click Groups.
  3. Double-click IIS_WPG .
  4. In the IIS_WPG Properties dialog box, click
    Add to add the ImpersonateUser user to the
    IIS_WPG Users group.
  5. In the Select Users or Groups dialog box, type ServerName\ImpersonateUser in the textbox, click
    OK, and then click OK again.

Set Access Permissions to the Folder

  1. In Windows Explorer, locate TestFolder.
  2. Right-click TestFolder, and then click
  3. On the Security tab, click
  4. Type ServerName\ImpersonateUser\, and then click
    Allow the following permissions for the ImpersonateAccount:
    • Read & Execute
    • List Folder Contents
    • Read
  5. Click OK.

Enable Impersonation for the Application

  1. Open the Web.config file.
  2. Add an <identify> section in the <system.web> tag section as follows:
    <identity impersonate="true" 
  3. Save the Web.config file, and then close it.

Test the Application

  1. Type the following URL in the browser:
  2. You receive the error message mentioned in the "Symptoms" section.


For more information about ASP.NET Impersonation, visit the following Microsoft Developer Network Web site: