Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Difference between connect as and application pool identity

In IIS 7.5 there is a "Connect as" option under basic settings, for the application. What is this? Why was this feature introduced? Will it override the application pool identity or the other way around?

like image 329
developer747 Avatar asked Jan 05 '12 20:01

developer747


People also ask

What is application pool identity?

An application pool identity allows you to run an application pool under a unique account without having to create and manage domain or local accounts. The name of the application pool account corresponds to the name of the application pool.

What is an application pool?

Application pools in Internet Information Services (IIS) is a mechanism designed to comprise a group of web applications corresponding to one or more worker processes (w3wp.exe) sharing a common configuration.

What is application pool and what is the main use of application pool?

An application pool defines a group of one or more worker processes, configured with common settings that serve requests to one or more applications that are assigned to that application pool.


1 Answers

The same question was asked and answered here. Check it out. Basically:

The two accounts are different things. Think of the website identity representing the user of the site. If you create a new website this account is the anonymous IIS account. If you disable "Anonymous Authentication", your users will have to authenticate against the website (in a intranet/Windows domain site this could be implicite using the network credentials.)

The application pool identity is the Windows account needed for running your assemblies. Normally it is the "Network Service" account which is a least privileged account with limited user rights and permissions. It does have network credentials. This means that you can use it to authenticate against network resources in a domain. You can also use it to access a SQL Server database with integrated security.

For example, if your ASP.NET application has to write to a folder, you have to grant the permission to the application pool account, not to the website account.

like image 106
igor Avatar answered Sep 19 '22 19:09

igor