ASP.NET Impersonation in web.config vs. running the app pool with custom identity

Ok so I'm using ASP.NET MVC. I'm supposed to upload a file and write it to a network share.

I'm getting "Logon failure: unknown user name or bad password." when I try to write to the network location.

I solved it on my machine by impersonating the file server account, added this to web.config:

<identity impersonate="true" userName="xx" password="xx"/>

But when we made the build on the server, the admin suggested to run the App Pool under a custom identity instead of my solution (don't ask why), that in theory would be 开发者_如何学JAVAthe same thing... But it wasn't, we got the "Logon Failure" exception again.

What is the difference between these two methods and why doesn't the later work?

Thanks in advance!

Change the application pool to run under the account that has access to the network share, or create a new application pool which these credentials.

Your Sys Admin is thinking of security. If he creates an IUSR account (or something like that), then he can restrict what it sees. As a developer your account will probably have permissions to servers and lots of other stuff, which your MVC site doesn't need.

So, if you set the App Pool to use your logon credentials it'll probably work, but if the site doesn't work using the account the Sys Admin wants, then he or she will have to give that account some permission to the network share.