03 April 2009

IIS 7 Tip # 7 You can use the application pool identity for the anonymous authentication credentials

When a client accesses a web site on anonymous authentication IIS uses a pre configured account to access the corresponding files on disk. In IIS 5.0 / 6.0 we used a local account called the IUSR_machinename for anonymous authentication. With IIS 7.0 we moved to a generic built in account called IUSR which is now machine dependent.

But in IIS 7.0 you also have the option to use the application pool identity as the anonymous user identity.

Authentication

In IIS 6.0 if you wanted to use the application pool identity for anonymous access you would have to configure it manually under the Authentication Settings. This would mean the username and password would be saved in multiple locations. Whenever you had to change the password you would have to reset it in the application pool settings and then in the authentication settings.

With IIS 7.0 you just have to configure the user identity in the application pool settings. And in the properties of the Anonymous Authentication module select the Application pool identity option.


Bookmark and Share

Filed under: ,
 

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# Remus said:

Would you recommend changing the login for the application from the default NetworkService to IUSR?

Is there any difference if you use the default NetworkService vs IUSR?

And then in the properties of the Anonymous Authentication module select the Application pool identity option?

08 April 09 at 5:50 PM

Leave a Comment

Comment Policy: No HTML allowed. URIs and line breaks are converted automatically. Your e–mail address will not show up on any public page.

(required) 
(optional)
(required) 

  
Enter Code Here: Required
Page view tracker