
Scot Hillier is an independent consultant and Microsoft SharePoint Most Valuable Professional focused on creating solutions for Information Workers with SharePoint, Office, and related .NET technologies. A frequent speaker at TechEd and SharePoint Connections, he is also the author of many books on Microsoft technologies including 5 for SharePoint 2010. Scot splits his time between consulting on SharePoint projects and training for Critical Path Training. Scot is a former U.S. Navy submarine officer and graduate of the Virginia Military Institute. Scot can be reached at



Azure Web Role Alters Anonymous User Account 


Lately, I am working on SharePoint 2010 and Azure projects. This involves using various approaches such as Business Data Connectivity with SQL Azure data and web roles. During development, I found a repeatable problem that fouls up the BDC Service Application when working with Azure web roles. Fortunately, it can be fixed.
My environment is a single Windows 2008 R2 server with SharePoint 2010 and Visual Studio 2010 on the image. I have installed v1.4 of the Azure SDK.
To reproduce the problem, simply make a new Azure web role project in Visual Studio 2010. Run the project in debug mode. Now go to Central Administration > Manage Service Applications > Business Data Connectivity Service. You will receive an "Access Denied" message.
Furthermore, it doesn't matter what account you log in under - even the SHAREPOINT\SYSTEM account. Everything is denied.
Well, it turns out that Azure is making changes to IIS when it runs. In particular, it is changing the Anonymous account from "IUSR" to "Application Pool". This is causing the SharePoint STS to stop working correctly so it can't communicate with the service application. Interestingly, other service applications do not appear to be affected.
The solution to the problem:
1. Open the IIS Manager
2. Click the server name
3. Double-Click the Authentication Feature
4. Right-Click "Anonymous Authentication" and select Edit from the context menu.
5. Set the identity of the Anonymous Account to a Specific User instead of "Application Pool".
6. Save changes and everything is working again.
Note that Azure will change this setting every time you run in debug mode. If you want a permanent fix, use the SHAREPOINT\SYSTEM account as the Anonymous User account and the application pool account for the Default app pool. Obviously, this is only valid for development environments.
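Because the setting is rewritten on every debug run, a scripted check saves repeating the IIS Manager steps. The following PowerShell is an added example, not code from the original post: it assumes the IIS WebAdministration module is available, an elevated prompt, and that "IUSR" is the value to restore. The script name in the comment and the `-Fix` switch are made up for this example.

```powershell
# Added example (not from the original post). Save as Check-AnonymousUser.ps1
# (hypothetical name) and run from an elevated prompt on the development server.
param([switch]$Fix)   # -Fix is this example's own switch: reset the server-level value

Import-Module WebAdministration

$filter   = '/system.webServer/security/authentication/anonymousAuthentication'
$server   = 'MACHINE/WEBROOT/APPHOST'   # server level, same scope as steps 1-5 above
$expected = 'IUSR'                      # assumption: the value IIS had before the debug run

function Get-AnonymousUser([string]$PSPath) {
    $attr = Get-WebConfigurationProperty -PSPath $PSPath -Filter $filter -Name userName
    # Depending on the module version this is a string or a ConfigurationAttribute.
    if ($attr -is [string]) { $attr } else { [string]$attr.Value }
}

# Check the server-level setting plus the effective value for every site.
$targets = @($server) + @(Get-Website | ForEach-Object { "IIS:\Sites\$($_.Name)" })

$report = foreach ($path in $targets) {
    $user = Get-AnonymousUser $path
    # An empty userName is how IIS stores "Application pool identity".
    $shown = if ($user) { $user } else { '(application pool identity)' }
    New-Object PSObject -Property @{
        Path          = $path
        AnonymousUser = $shown
        Drifted       = ($user -ne $expected)
    }
}
$report | Format-Table Path, AnonymousUser, Drifted -AutoSize

if ($Fix -and (Get-AnonymousUser $server) -ne $expected) {
    Set-WebConfigurationProperty -PSPath $server -Filter $filter `
        -Name userName -Value $expected
    Write-Host "Server-level anonymous user reset to $expected"
}
```

Run it without `-Fix` first to see which scopes changed after a debug session; sites that intentionally use a different anonymous account will also show as drifted and should be left alone.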
Posted by Scot Hillier on 6-May-11