Thursday, 9 May 2013

Who or what is Application Pool Identity?

In IIS, there is often some confusion as to the identities that application pools can take. These identities determine the permissions you need to set for folder access if, for instance, your web site writes to a log file or stores files on the file system.

Historically, there was a fixed set of options you could choose from, including a specific user, but since most people are lazy, they tended to opt for Network Service, which would always be available and which would have pretty good access to everything. You could also choose to use Windows Integrated authentication in your site, which could impersonate the user who is accessing your web app.

In IIS7, however, the folks at Microsoft decided to add another (default) identity for an application pool: "Application Pool Identity". Very simply, this is a user created with the same name as the Application Pool itself, which allows you to have very fine-grained control over who has access to what, especially on a server that hosts multiple sites.

So, if your application pool is called "My App Pool", the user will also be called "My App Pool". This means that to add permissions to folders, you simply find the user with the same name as the App Pool and give them the appropriate permission.
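The same permission grant can be scripted. The following is an added example, not code from the original post: it gives one application pool identity Modify rights on a single folder and returns the resulting ACL entries for review. It assumes the pool runs as ApplicationPoolIdentity and that the account is addressed as "IIS AppPool\<pool name>" on the local machine; the function name and the folder path are hypothetical.

```powershell
# Added example: grant an application pool identity access to one folder only.
# Assumptions: pool name taken from the post; folder path is hypothetical.
function Grant-AppPoolFolderAccess {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$AppPoolName,
        [Parameter(Mandatory)][string]$Path,
        [System.Security.AccessControl.FileSystemRights]$Rights = 'Modify'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Folder not found: $Path"
    }

    # The identity is addressed in the local "IIS AppPool" namespace.
    $account = New-Object System.Security.Principal.NTAccount("IIS AppPool\$AppPoolName")
    try {
        # Resolve to a SID so a mistyped pool name is caught before the ACL is touched.
        $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
    } catch {
        throw "Cannot resolve '$($account.Value)'. Check the pool name in IIS Manager."
    }

    # Apply to the folder, its subfolders and its files.
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid, $Rights, $inherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)

    $acl = Get-Acl -LiteralPath $Path
    $acl.AddAccessRule($rule)
    if ($PSCmdlet.ShouldProcess($Path, "Grant $Rights to $($account.Value)")) {
        Set-Acl -LiteralPath $Path -AclObject $acl
    }

    # Return the entries for this identity so the result can be reviewed.
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.IdentityReference.Value -eq $account.Value } |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
}

# Dry run first; remove -WhatIf to apply the change.
Grant-AppPoolFolderAccess -AppPoolName 'My App Pool' -Path 'D:\Sites\MyApp\Logs' -WhatIf
```

Scoping the grant to the one folder the site writes to, rather than the whole site root, keeps each pool's identity from reaching other sites' files on a shared server.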