I’m working with an MVC application on a test server that used to work perfectly. It creates accounts on a server that a 2nd application uses for logging in. It uses a credential store and PrincipalContext and UserPrincipal objects to create these accounts.

I haven’t used the test version of this app for months or possibly almost a year. Now when I go to create an account with the application, I get the following error:

Access is denied.
ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request
identity. ASP.NET has a base process identity (typically
{MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and
the configured application pool identity on IIS 7.5) that is used if
the application is not impersonating. If the application is
impersonating via , the identity will be
the anonymous user (typically IUSR_MACHINENAME) or the authenticated
request user.

To grant ASP.NET access to a file, right-click the file in Explorer,
choose “Properties” and select the Security tab. Click “Add” to add
the appropriate user or group. Highlight the ASP.NET account, and
check the boxes for the desired access.

I looked at anonymous access, but the production version of this app also has a rule to deny anonymous access and it’s working fine. This application never used impersonation even when it was working and I’ve heard that granting explicit access to ASP.NET is not generally recommended. I can make the application work locally through Visual Studio, but the version deployed to test continues to give this error. I would rater not republish the site to test, but perhaps that’s the only option left? Is there anything obvious (but not to me) that could have changed in the security settings to cause this? I’m still researching with no luck.

Thank you!