Hi,

I have a web app hosted in IIS7 and I have set the appPool to run as administrator. Now if the user logs in (form authentication), IIS will use the administrator account (in the appPool) to access the database; however, if the user does not log in, then IIS will use the 'NT AUTHORITY\IUSR' account, which is causing an error: Login failed for user 'NT AUTHORITY\IUSR'.

Can anyone please explain why it is not using the administrator account while the user does not log in?

+1  A: 

I can't verify that what you're saying is correct, but I can tell you how you should do it.

1) The AppPool user should have the least permissions possible, certainly not administrator permission. It's best to leave the AppPool user to the default NETWORK SERVICE unless you really know what you're doing.

2) You should create a user on your database, again with the least needed permissions, and use that user in the ConnectionString in your web.config.

Jeroen
Yes... this is only for testing. A dedicated Windows account with limited permissions will be created for the appPool during the release phase. Now the question is: in what circumstances does IIS use the appPool identity and not (which is using 'NT AUTHORITY\IUSR')?
As far as I know, the AppPool user runs all the worker processes of your app, signed in or not. I think you need to look elsewhere. Are you using impersonation in your web.config?
Jeroen
I would've thought so, but I have run the SQL Profiler. The first time the application gets accessed (with no user authenticated), it uses the 'NT AUTHORITY\IUSR' account, and when the user logs in, it then uses the identity in the app pool.
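
Added example, not part of the thread: a web.config sketch of the answer's second recommendation (a dedicated database login in the connection string) together with the impersonation and anonymous-user settings raised in the comments. The connection string name `AppDb` and the server, database, login and password values are placeholders chosen for illustration.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <connectionStrings>
    <!-- Point 2 of the answer: a dedicated SQL Server login with only the
         rights the app needs. Because the credentials are in the connection
         string, the database sees this login no matter which Windows account
         (app pool identity or IUSR) the request runs under.
         Name, server, database, login and password are placeholders. -->
    <add name="AppDb"
         connectionString="Server=DB_SERVER;Database=APP_DB;User Id=APP_DB_LOGIN;Password=PLACEHOLDER;"
         providerName="System.Data.SqlClient" />
    <!-- By contrast, Integrated Security=SSPI sends the Windows identity of
         the executing thread, so the settings below decide who logs in. -->
  </connectionStrings>

  <system.web>
    <authentication mode="Forms" />
    <!-- impersonate="true" makes ASP.NET run request code as the identity IIS
         authenticated; for anonymous requests that is the anonymous user
         (IUSR by default on IIS 7). With "false" the code runs as the
         app pool identity. -->
    <identity impersonate="false" />
  </system.web>

  <system.webServer>
    <security>
      <authentication>
        <!-- An empty userName tells IIS 7 to use the app pool identity for
             anonymous requests instead of IUSR. This section is locked at
             server level by default, so it may have to be set in
             applicationHost.config or unlocked first. -->
        <anonymousAuthentication enabled="true" userName="" />
      </authentication>
    </security>
  </system.webServer>
</configuration>
```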