Using IIS 7.5 warm-up module with ASP.NET MVC AuthorizeAttribute

I created a controller in my ASP.NET MVC application to handle the application warm-up/initialization (i.e. initial loading of web service client proxies and other actions that can initially take a good chunk of time). To call the WarmUp controller, I am using the IIS 7/7.5 warm-up module to send a request whenever the application pool starts up.

I do not want all users to be able to execute the WarmUp controller actions, so I decorated the controller with an [Authorize] attribute. I even created a group in my domain that contains the users who should be allowed to execute the warm-up actions, and added this group as a role for the authorize attribute (i.e. [Authorize(Roles = @"MyDomain\AppWarmUp")]).

If I manually invoke the WarmUp controller using a web browser and provide proper credentials, everything works as expected. However, when using the IIS warm-up module, even when I provide proper credentials, I am seeing warnings in my Application event log specifying that the authentication failed.

If I specify only a type and user name for the warm-up module's user context, I get a ProviderException with the message

Method is only supported if the user name parameter matches the user name in the current Windows Identity.

If I specify both a username and password/token, I get an ArgumentException with the following message:

Invalid token for impersonation - it cannot be duplicated.

If I remove the [Authorize] attribute from my controller, then the warm-up module's request goes through without any exceptions. However, I would like to avoid the case where all users can access the WarmUp controller, if possible. Could this be a bug in the warm-up module or am I missing something?

It may also be worth noting that I have tried the ASP.NET 4.0 application auto-start functionality as well, but it did not seem to have the same effect as making 开发者_JAVA百科an actual request to the application does. Are there any other alternatives to consider?

The problem is likely due to the User Account being used to execute the WarmUp requests in your site in IIS. Be sure that you change the Identity setting under the Application Pool's advanced settings as well as the Physical Path Credentials under the website's Advanced Settings in IIS. I can't remember which of these will work so try either/or/both.

When you manually make the requests from the browser you are impersonating the account. When IIS makes the request via WarmUp module it is using one of the accounts specified above.