Where (how?) Does IIS store its own application pool identifiers?

I have an application pool that I use for development ... and it works for me under my credentials (so I don't need to worry about access / access issues). Two things make me think that my credentials may just sit in a file (or registry entries) ... which is alarming:

  • When I change my password, I need to update the saved credentials
  • The settings dialog box has a password confirmation field.

If IIS just kept some kind of authentication token or something like that, I would expect only to enter the password once (since authentication took place immediately).

Does anyone know where my credentials are stored? Are they simply encrypted with some kind of system key and then pulled out and used when the application pool spins?

Here is the dialog in which I enter the credentials:

custom authentication for application pool

I open this dialog from the application pool. Additional settings:

Advanced application pool settings

Other information

IIS 7.5 for Windows 7

I use virtual accounts for other application pools, but this is not what I use here: I use actual Windows account credentials

UPDATE

Based on the reaction of nicolas-dietrich, I found the following ...

Application pool credentials (and general settings) for IIS 7.5 are stored in %systemroot%\System32\Inetsrv\config\applicationHost.config.

AesProtectedConfigurationProvider, (?) (, db - - )

/ , (...):

<configProtectedData>
    <providers>
        <!-- … -->
        <add name="IISWASOnlyAesProvider" type="Microsoft.ApplicationHost.AesProtectedConfigurationProvider" description="Uses an AES session key to encrypt and decrypt" keyContainerName="iisWasKey" cspProviderName="" useOAEP="false" useMachineContainer="true" sessionKey="…" />
    </providers>
</configProtectedData>

<system.applicationHost>
    <applicationPools>
        <add name="DefaultAppPool" queueLength="5000" managedRuntimeVersion="v4.0" />
        <add name="GeneralDev" queueLength="5000" autoStart="true">
            <processModel identityType="SpecificUser" userName="mydomain\myusername" password="[enc:IISWASOnlyAesProvider:…:enc]" />
        </add>
        <!-- … -->
        <applicationPoolDefaults managedRuntimeVersion="v4.0">
            <processModel identityType="ApplicationPoolIdentity" loadUserProfile="true" setProfileEnvironment="false" />
        </applicationPoolDefaults>
    </applicationPools>        
    <!-- … -->
</system.applicationHost>

, ? ¯\_(ツ)_/¯

+4
1
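An added example, not part of the original question or its answers: a read-only check over the applicationHost.config layout quoted in the update above. It lists each pool's effective identity and reports whether a stored password is in the `[enc:…:enc]` form and names a provider declared under configProtectedData. The `<configuration>` wrapper, the `LegacyPool` entry, the placeholder values and the function name `audit_pools` are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the layout quoted above; all values are placeholders.
SAMPLE = r"""<configuration>
  <configProtectedData><providers>
    <add name="IISWASOnlyAesProvider" type="Microsoft.ApplicationHost.AesProtectedConfigurationProvider" />
  </providers></configProtectedData>
  <system.applicationHost><applicationPools>
    <add name="DefaultAppPool" managedRuntimeVersion="v4.0" />
    <add name="GeneralDev" autoStart="true">
      <processModel identityType="SpecificUser" userName="mydomain\myusername" password="[enc:IISWASOnlyAesProvider:PLACEHOLDER:enc]" />
    </add>
    <add name="LegacyPool"><processModel identityType="SpecificUser" userName="mydomain\svc" password="PLACEHOLDER-cleartext" /></add>
    <applicationPoolDefaults><processModel identityType="ApplicationPoolIdentity" /></applicationPoolDefaults>
  </applicationPools></system.applicationHost>
</configuration>"""

# Protected attributes on the page have the form [enc:<providerName>:<blob>:enc]
ENC = re.compile(r"^\[enc:([^:]+):.*:enc\]$", re.S)

def audit_pools(xml_text):
    """Map pool name -> (identityType, userName, password status). Nothing is decrypted."""
    root = ET.fromstring(xml_text)
    providers = {p.get("name") for p in root.findall("configProtectedData/providers/add")}
    pools = next(root.iter("applicationPools"))
    default = pools.find("applicationPoolDefaults/processModel")
    default_type = default.get("identityType") if default is not None else None
    report = {}
    for pool in pools.findall("add"):
        pm = pool.find("processModel")
        attrs = pm.attrib if pm is not None else {}
        pw = attrs.get("password")
        match = ENC.match(pw) if pw else None
        if not pw:
            status = "none"                      # no stored secret for this pool
        elif match is None:
            status = "CLEARTEXT"                 # value is not in the [enc:...:enc] form
        elif match.group(1) in providers:
            status = "encrypted:" + match.group(1)
        else:
            status = "encrypted:undeclared-provider"
        # Pools without their own identityType inherit applicationPoolDefaults
        ident = attrs.get("identityType") or default_type
        report[pool.get("name")] = (ident, attrs.get("userName"), status)
    return report

if __name__ == "__main__":
    for name, row in audit_pools(SAMPLE).items():
        print(name, *row)
```

To run it against a real server, pass the contents of a copy of applicationHost.config to `audit_pools` instead of `SAMPLE`.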

IIS6 AppPool IIS (%systemroot%\System32\Inetsrv\metabase.xml) , W3SVC/AppPools//WAMUserPass.

, (http://www.jasonsamuel.com/2010/04/28/how-to-get-the-iusr-and-iwam-user-account-passwords-on-an-iis-server/)

+1
