"Oriane" <or****@noemail.noemailwrote in message
news:O3**************@TK2MSFTNGP02.phx.gbl...
Hi Anthony,
Thank you for your answer.
"Anthony Jones" <An*@yadayadayada.coma écrit dans le message de
news:ex**************@TK2MSFTNGP06.phx.gbl...
You don't 'need' to but its a good idea to isolate your app from others
allowing you to make app pool setting choices applicable to your app.
In this URL:
http://www.microsoft.com/technet/pro....mspx?mfr=true, I
can see that "The IIS IIS_WPG group account has the minimum permissions
and
user privileges that are necessary to start and run a worker process on a
Web server. Application pool identities must be members of this group so
the
application pool can register with Http.sys." So if I set a new pool with
a
new identity, I suppose that that identity should be in the IIS_WPG
pool...
>
In fact, I'm a bit confused between the identity of the worker process
(which is I think the identity of the pool) and the account
IUSR_ComputerName, which is the account the anonymous user is mapped with.
Above all, I can impersonate the asp.net website in the web.config file...
Is there a document which clears up that matter ?
My question: if I want to access resources on the server from the web site
server code, what account is used ?
All these different options are there to support a pelthora of different
scenarios. In your case it sounds like you want anonymous access to an
intranet style application.
Which account is used by ASP.NET code to access server resources depend on
whether you have enabled impersonate in the web.config. With impersonate
on it will use the authenticated user for the connection which for anonymous
connections will be the IUSR account. With impersonate off it will the app
pool identity.
My recommendation in this case would be to leave impersonate off and use the
pool identity. Further unless you have some reason to want to protect
resources from other web sites and services running on the server leave the
pool identity at the default NETWORK SERVICE then grant NETWORK SERVICE the
appropriate access to your resources.
>
Another (simple) question: is wwwroot the better directory to install a
intranet web server on a IIS 6.0 w2k3 server ?
I never use the wwwroot folder. I tend to use a new top level folder
(preferably on a different drive) where all the resources for the site are
placed, one sub-folder of this top level folder will be the root of the web
site.
--
Anthony Jones - MVP ASP/ASP.NET