You create a Microsoft ASP.NET Web application by using the Microsoft .NET Framework version 3.5.  You use Windows Authentication for the application. You set up NTFS file system permissions for the Sales group to access a particular file. You discover that all the users are able to access the file.  You need to ensure that only the Sales group users can access the file. What additional step should you perform？（）

• A、Remove the rights from the ASP.NET user to the file. 
• B、Remove the rights from the application pool identity to the file. 
• C、Add the <identity impersonate="true"/> section to the Web.config file. 
• D、Add the <authentication mode="[None]"> section to the Web.config file.