At a customer site I am working at, SharePoint 2010 was running in claims-based mode with Kerberos. In a piece of code I was running I used a new HttpWebRequest object to retrieve images from an image library:
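    using System.Drawing;
    using System.Net;

    string url = "http://mysite.dev.local/applicationicons/icon1.png";
    var request = (HttpWebRequest)WebRequest.Create(url);
    // Authenticate with the Windows identity the current thread is running as.
    request.UseDefaultCredentials = true;
    WebResponse response = request.GetResponse();
    Image result = Image.FromStream(response.GetResponseStream());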
The GetResponse() method was giving me a 401 status code. When I was debugging I noticed that the user account being used to retrieve the image was the NT AUTHORITY\IUSR account.
This account has no permissions on my SharePoint site. After searching the web I came across this KB article from Microsoft.
It describes a new appSettings key:
    <appSettings>
      <add key="aspnet:AllowAnonymousImpersonation" value="true" />
    </appSettings>
After investigating I saw this option present in my SharePoint site with a value of true. After changing this to false, my code works and is executed under the account currently logged in.
When you create a SharePoint 2010 web application with claims-based authentication, this option is present in the web.config by default and set to true.
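The debugging step described above, finding out which Windows identity `UseDefaultCredentials` will actually send, can be built into the code so the problem shows up as a clear error instead of a 401. This is an added example, not code from the original post: the class and method names are hypothetical, and it assumes the code runs inside the ASP.NET request and that IUSR has its well-known SID S-1-5-17.

```csharp
using System;
using System.Configuration;
using System.Security.Principal;
using System.Web;

// Added diagnostic helper (hypothetical name), not part of the original code.
public static class OutboundIdentityCheck
{
    // Well-known SID of NT AUTHORITY\IUSR, the built-in IIS anonymous account.
    private static readonly SecurityIdentifier IusrSid = new SecurityIdentifier("S-1-5-17");

    // Reports the web.config setting, the signed-in request user and the
    // Windows identity of the thread, which is what UseDefaultCredentials sends.
    public static string Describe()
    {
        string setting = ConfigurationManager.AppSettings["aspnet:AllowAnonymousImpersonation"];
        string requestUser = HttpContext.Current != null && HttpContext.Current.User != null
            ? HttpContext.Current.User.Identity.Name
            : "(no HTTP context)";

        using (WindowsIdentity thread = WindowsIdentity.GetCurrent())
        {
            return string.Format(
                "AllowAnonymousImpersonation={0}; request user={1}; thread identity={2}; level={3}",
                setting ?? "(not set)", requestUser, thread.Name, thread.ImpersonationLevel);
        }
    }

    // Call before request.GetResponse(): fails fast when the outbound request
    // would authenticate as IUSR or as an anonymous token.
    public static void EnsureNotAnonymous()
    {
        using (WindowsIdentity thread = WindowsIdentity.GetCurrent())
        {
            bool isIusr = thread.User != null && thread.User.Equals(IusrSid);
            if (isIusr || thread.IsAnonymous)
            {
                throw new InvalidOperationException(
                    "Outbound request would authenticate as " + thread.Name + ". " + Describe());
            }
        }
    }
}
```

Logging the output of `Describe()` before and after changing the setting shows whether the thread identity moved away from IUSR.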