当用户浏览到一个ASP.NET网站，是冒充 ASPNET 帐户或IIS-指定的帐户>目录安全性 - >用于匿名帐户的用户访问（例如： IUSR_XXX ）

我的网站将文件写入到磁盘，我想知道其中的这些账户需要写访问该文件夹？此外，有人可以解释如何在web.config中关系的冒充元素融入这一切？

谢谢！

解决方案   

如果启用模拟在ASP.NET应用程序，然后：

        如果匿名访问在IIS中启用，该请求被使用IUSER_机器名账户。   如果匿名访问在IIS中禁用，请求使用验证用户的账户。   在任一情况下，该帐户的权限在Windows的访问控制列表（ACL）的资源（多个），该用户请求被选中，和一个资源仅当它们存在下运行的帐户是有效的那的资源。         

如果模拟被禁用在ASP.NET应用程序，然后：

        如果匿名访问在IIS中启用，请求使用系统级进程账户。   如果匿名访问在IIS中禁用，请求使用验证用户的账户。   在任一情况下，该帐户的权限在Windows ACL中被检查的资源（多个），该用户请求，并且如果该帐户它们一个资源仅可   运行下是有效的该资源。   

来源：了解模拟在ASP.NET

When a user browses to a ASP.NET website, is the user impersonating the ASPNET account or the account specified in IIS->Directory Security->Account used for anonymous access (EX: IUSR_XXX)

My website writes files to the disk and I was wondering which of these accounts need write access to the folder? Also, can someone explain how the impersonate element in the web.config ties into all this?

Thanks!

解决方案

If impersonation is enabled in an ASP.NET application then:

If anonymous access is enabled in IIS, the request is made using the IUSR_machinename account. If anonymous access is disabled in IIS, the request is made using the account of the authenticated user. In either case, permissions for the account are checked in the Windows Access Control List (ACL) for the resource(s) that a user requests, and a resource is only available if the account they are running under is valid for that resource.

If impersonation is disabled in an ASP.NET application then:

If anonymous access is enabled in IIS, the request is made using the system-level process account. If anonymous access is disabled in IIS, the request is made using the account of the authenticated user. In either case, permissions for the account are checked in the Windows ACL for the resource(s) that a user requests, and a resource is only available if the account they are running under is valid for that resource.

Source: Understanding Impersonation in ASP.NET