This article mainly applies to situations where you are using ASP.NET's built-in identity impersonation feature (without integrated authentication). By default, ASP.NET will run under the ASPNET account identity. There are several ways to change this, but perhaps the easiest and most secure is to change the identity of the virtual directory by going to the IIS manager, right-clicking on the applicable virtual directory or site, choosing Properties, clicking on the Directory Security tab, and then choosing Edit. This will bring up a dialog that will let you control the "anonymous" user for that site or virtual directory.
Ensure that Anonymous access is checked and then choose the account identity you want the application to run under. By default, this will be IUSR_MACHINENAME, but you can create and use any account for this purpose. For this article, we'll leave the default, but if you do change the identity to an account you created, be sure it has all of the appropriate permissions. In IIS 6.0 (Windows Server 2003), it's a simple matter of adding the account to the IIS_WPG group, but it is a little more complex for IIS 5.x (Windows XP/2000). For more information on this, see this KB article.
So, once you've configured the identity you want, you can close out of IIS manager. The next thing you need to do is add the following element under the system.web element in your application's web.config (or you can do this in machine.config to configure impersonation for all applications, as some hosters do).
<identity impersonate="true" />
That should be it, your application should now run under the identity you configured in the first step for the virtual directory or site. In our case, the application is now running under IUSR_MACHINENAME.