which user runs my asp.net user?

Question

i've always read that the user you set in the IIS website/virtual directory is the user that runs the app (anonymous user identity)

But in the application pool, i can also set a user (process model, identity)

what is the difference between the two, and which one will need access if i do a file read?

EDIT:

the bounty is for this quesyion ' but if i use 'anonymous authentication', is the user i choose in the 'anonymous user identity' ever used? – ' posted as comment

Answer 1

Checkout this post. Quote:

The two accounts are different things. Think of the website identity representing the user of the site. If you create a new website this account is the anonymous IIS account. If you disable "Anonymous Authentication", your users will have to authenticate against the website (in a intranet/Windows domain site this could be implicite using the network credentials.)

The application pool identity is the Windows account needed for running your assemblies. Normally it is the "Network Service" account which is a least privileged account with limited user rights and permissions. It does have network credentials. This means that you can use it to authenticate against network resources in a domain. You can also use it to access a SQL Server database with integrated security.

For example, if your ASP.NET application has to write to a folder, you have to grant the permission to the application pool account, not to the website account. For more information on application pool identities, read here.