IIS 7 & IIS 8
Trouble with ApplicationPoolIdentity in IIS 7.5 + Windows 7
Last post Sep 18, 2012 05:04 PM by russmichaels
Oct 27, 2009 05:33 PM|LINK
I just retried with Vista SP2 / IIS7.0, and what recently worked well with Windows 7 / IIS7.5 just wouldn't.
Edit: Oh noez, starting a reply and leaving it sitting around for extensive periods of time will lead into obsoleteness. :-)
Oct 27, 2009 07:44 PM|LINK
The nice thing is I learned to use icacls now :)
Jan 14, 2010 06:04 AM|LINK
I am using Windows 7 and set up the permissions for "IIS AppPool\DefaultAppPool" to have "Full Control" over my web app. I still keep getting FileIOPermission errors. When I switched the App Pool to use Network Services everything worked like a charm.
Any thoughts on why a web app running in Full Trust with Full Control granted for the DefaultAppPool would still be throwing FileIOPermission errors?
Note: I have tried setting the permissions with both the GUI and the icacls command. In both, full control was granted. Keep getting the following error when I do not use Network Services:
System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=184.108.40.206, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Apr 11, 2010 06:23 PM|LINK
I found this thread after experiencing the same ApplicationPoolIdentity authentication problems described by the original poster (IIS 7.5 on Windows 7). Someone called it "a limitation of the object picker" which sounds like a nice way of saying the Windows/IIS
team let this out the door half-baked. I was just about to use the "Network Service" identity instead but will give icacls as try and see if I can get the ApplicationPoolIdentity to work...
May 10, 2010 05:57 PM|LINK
I just found an easy solution to this problem that does not involve using the NetworkService as the account to run the AppPool.
I have applied this solution to my 2008R2 using IIS7.5 (using IIS6Compatibility mode and the local SMTP server Feature installed and all ASP AppPools running in 32bit mode); I have not tested this outside of that environment, so your mileage may vary.
let me preface by saying, this issue didnt happen when the AppPool was running as NetworkService, only when using ApplicationPoolIdentity. The reason for this is explained below.
In 2008/IIS7+ the ApplicationPoolIdentity accounts are hidden accounts that have dynamically assigned SID's (created and assigned when the ApplicationPool is started). But the accounts live as (hidden) users under the IIS_IUSRS group on the local machine
(this makes giving them permissions to the AppPools pretty easy, since you can use the normal GUI interface for perms or use scripts while specifying the local user group).
Hope this helps all the other people who found this thread.
Application Pool Identity
Jun 04, 2010 08:17 AM|LINK
Jun 16, 2010 08:53 PM|LINK
What if its SQL server that isn't giving you access?
I'm getting this error: System.Data.EntityException: The underlying provider failed on Open. ---> System.Data.SqlClient.SqlException: Login failed for user 'IIS APPPOOL\ASP.NET v4.0'.
Jun 17, 2010 07:50 AM|LINK
(Edit: Maybe you also want to give that user appropriate permissons on the databases / database-objects
he's supposed to interact with.)
(Edit2: This was under the assumption, that the SQL Server is on the same machine as IIS. Which, thinking about it, is a quite unreasonable assumption in general. If SQL
Server and IIS are running on different machines, I'd think you would have to use some account which is known to both of them, and not local to the IIS-machine.)
Jun 17, 2010 01:24 PM|LINK
It is highly not recommended to grant application pool identity permissions on database.
MSDN has two approaches listed for ASP.NET beginners,
Sep 29, 2010 08:04 PM|LINK