IIS Express - Impersonate a windows account

I'm using IIS Express to host my website, and I would like to do something similar to Directory Security in IIS 6. In IIS 6, I was able to go to the Directory Security tab and allow the anonymous user to be a local windows account.

Is there something equivalent in IIS Express for that? What chang开发者_Go百科es do I need to make in applicationhost.config?

Thanks

IIS Express process runs under the logged on user. With default settings, anonymous requests will execute under the identity of the process. There is a way to configure explicit user for anonymous authentication, by editing applicationhost.config (in "%userprofile%\documents\iisExpress\config\") and setting your anonymous user and password in anonymousAuthentication section <anonymousAuthentication enabled="true" userName="foo" password="bar" >

Notes:

• the crypto context is not setup for the IIS Express (unless IIS happens to be also installed on the machine), so encrypted settings will not work
• you cannot make the above setting programatically because programmatic setting will try to set password encrypted and will fail.
• configured user will not have access to the "%userprofile%\documents\My web sites" directory. You will get a confusing authentication/authorization error.
• If you want to use explicitly configured anonymous account, it may be the best to copy your IIS Express site directory outside the "%userprofile%\documents" since sharing the files inside your user profile with other users is not a good idea from the security standpoint.