In my ASP.NET application, I use a WebClient to download a file. This file is almost always on the company intranet, and requires permission to access. Whenever I run the application in VS, it works fine, because it is running in the context of my own permissions. However, when it is deployed to IIS, it runs in the context of “Network Service”’s permissions, which are basically non-existent (as you would expect) when it comes to the intranet.
I can see a few poor solutions here:
- Make an account specifically for the application, the details for which would be located in web.config and provided to the WebClient as strings. This is suboptimal, as not all users of the service have the same permissions.
- Require a username and password to be entered. This would never be approved, as the company uses certificates wherever possible. Passwords are used to log in to Windows, and almost everything past that point uses Windows authentication with the help of Kerberos.
The optimal solution would be to pass the credentials of the current person accessing (and providing Windows authentication data via Kerberos) directly to the WebClient object. Is this possible? If so, how so? I would be so immensely grateful if someone could tell me, or at least put me out of my misery and tell me it cannot be done.
Impersonation turned out to be the optimum solution; thank you, JT.
There are plenty of good resources on tying Windows Authentication to impersonation. One that I didn’t actually use, but have since discovered and which appears very comprehensive, is available here:
http://www.codeproject.com/Articles/94612/Windows-Authentication
Delegation was also required in my case, and this guy explains it fairly well, and links to a useful MSDN document regarding it:
http://blog.reveille.org.uk/2010/01/asp-net-impersonation-delegation-2/
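
A sketch of the impersonation approach described above, added as an illustration and not the original poster's code. It assumes .NET Framework, Windows authentication enabled on the IIS site with anonymous access disabled, and Kerberos delegation already configured for the application's account; `DelegatedDownloader` and `DownloadAsCaller` are hypothetical names.

```csharp
using System;
using System.Net;
using System.Security.Principal;
using System.Web;

// Hypothetical helper (not from the original post).
public static class DelegatedDownloader
{
    // Downloads `address` as the Windows user who made the current request,
    // instead of as the application pool identity (e.g. Network Service).
    public static byte[] DownloadAsCaller(HttpContext context, Uri address)
    {
        var caller = context.User.Identity as WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated || caller.IsAnonymous)
            throw new UnauthorizedAccessException(
                "Request is not Windows-authenticated; refusing to download.");

        // Impersonate only for the duration of the download. Disposing the
        // context reverts the thread to the application pool identity, so the
        // rest of the request does not run with the caller's rights.
        using (WindowsImpersonationContext impersonation = caller.Impersonate())
        using (var client = new WebClient())
        {
            // Send the impersonated user's Kerberos/NTLM credentials rather
            // than a username and password stored in web.config.
            client.UseDefaultCredentials = true;
            try
            {
                return client.DownloadData(address);
            }
            catch (WebException ex)
            {
                var response = ex.Response as HttpWebResponse;
                if (response != null &&
                    response.StatusCode == HttpStatusCode.Unauthorized)
                {
                    // A 401 here means the remote server rejected the request
                    // made as the caller; missing delegation is one cause.
                    throw new UnauthorizedAccessException(
                        "Remote server rejected the request made as '" +
                        caller.Name + "'. Check delegation and the user's " +
                        "permissions on the target.", ex);
                }
                throw;
            }
        }
    }
}
```

Scoping the impersonation to the download keeps the rest of the request under the low-privilege application pool identity, unlike site-wide `<identity impersonate="true" />` in web.config.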