Apr 21, 2009

IIS Error Message: Either a required impersonation level was not provided, or the provided impersonation level is invalid.

If you got this error message when impersonating a logon user, you need to check your pool id and make sure it has "act as part of operating system" right.

1. Open Control Panel > Administrative Tools > Local Security Settings.
2.In the left panel, select Security Settings > Local Policies > User Rights Assignment.
3. Open Act as part of operating system.
4. In the Act as part of the operating system Properties dialog, click Add User or Group.
5. IISReset

Some documents say this is not necessary in Win2003, but it does happen when impersonating in the code.

Other right of application pool (including Network Service):
  • Adjust memory quotas for a process
  • Generate security audits Log on as a service
  • Replace process level token
  • Impersonate a client after authentication
  • Allow logon locally
  • Access this computer from the network