Geek Answers Handbook

IIS Application Pool Id and Windows Account

What is pro and con to use the built-in application pool identifier in IIS, and not to specify a Windows account?

For SQL Server, if you want to connect from a .Net application using Windows authentication, I assume that if I use the application pool identifier, I must connect this to a user on SQL Server or provide that application pool identifier access to db

Application pool identifiers are just added as a convenience, so you don’t need to set up accounts for your application pools?

+8
windows sql-server-2008 iis-7 windows-authentication application-pool
source share
2 answers

The built-in account used is computer related. If applications in the application pool need to connect to other resources on the network (database servers, shared folders, etc.), then using a domain account (windows) may be the best option. When you specify a domain account, you must ensure that they have file permissions set in the physical folders that IIS uses. On later operating systems, you can add this account to the IIS_IUSRS group for default permissions.

+7
source share

We have several applications running on our intranet that use Windows authentication. The way we handle this in our web.config is to specify our SQL connection string as follows:

<connectionStrings> <add name="ConnectionStringName" connectionString="Data Source=ServerName;Initial Catalog=DatabaseName;Trusted_Connection=true" providerName="System.Data.SqlClient"/> </connectionStrings>

The following is also indicated in the web.config file:

 <system.web> <authentication mode="Windows"/> <identity impersonate="true" username="Domain\Username" password="password"/> </system.web>

Using a domain account allows you to manage your account in the same way that you manage other user accounts. The downside here is that the username and password are included in plain text in the web configuration.

Hope this helps.

0
source share

More articles:


All Articles