I have an IIS7 website that is set to run in its own application pool. The application pool is configured as:
Managed Pipeline Mode: Integrated
Identity: I_siteuser (account is member of IIS_IUSRS)
The website physical path is: d:\websites\testsite\www and the account I_siteuser has modify permissions on the folder.
If I set the website to use pass-through authentication I get a security error:
HTTP Error 401.3 - Unauthorized
If I configure the site to use a specific user (I_siteuser) I can view pages and run scripts just fine.
I was under the impression that if I use pass-through authentication then the identity of the application pool would be used (which in this case is configured to run under the identity of I_siteuser).
This seems not to be the case and the identity that the site runs under is actually the built-in account IUSR. I verified this by adding read/exec rights to the website folder for IUSR.
Is there another setting I'm missing here?
I also tried enabing Basic Authentication and Windows Authentication on the site but this just causes login dialogues to appear.
Bootnote:
I did ask this question on ServerFault, but as I pointed out in this meta question it seems like an overlapping question. There seem to be more eyes on SO and I feel most developers using IIS7 will have encountered this issue.