Share via


IIS 7 Tip # 7 You can use the application pool identity for the anonymous authentication credentials

When a client accesses a web site on anonymous authentication IIS uses a pre configured account to access the corresponding files on disk. In IIS 5.0 / 6.0 we used a local account called the IUSR_machinename for anonymous authentication. With IIS 7.0 we moved to a generic built in account called IUSR which is now machine dependent.

But in IIS 7.0 you also have the option to use the application pool identity as the anonymous user identity.

Authentication

In IIS 6.0 if you wanted to use the application pool identity for anonymous access you would have to configure it manually under the Authentication Settings. This would mean the username and password would be saved in multiple locations. Whenever you had to change the password you would have to reset it in the application pool settings and then in the authentication settings.

With IIS 7.0 you just have to configure the user identity in the application pool settings. And in the properties of the Anonymous Authentication module select the Application pool identity option.

Bookmark and Share

Comments

  • Anonymous
    April 08, 2009
    Would you recommend changing the login for the application from the default NetworkService to IUSR? Is there any difference if you use the default NetworkService vs IUSR? And then in the properties of the Anonymous Authentication module select the Application pool identity option?

  • Anonymous
    August 26, 2010
    The comment has been removed

  • Anonymous
    September 27, 2010
    Same question as Mozleron... Can anyone tell us how you can configure this from the commandline ?

  • Anonymous
    November 08, 2013
    you can configure this via the cmdline by setting both the username and password to "" in powershell you'd do it like this Set-WebConfigurationProperty -Filter /system.WebServer/security/authentication/AnonymousAuthentication -Name userName -value "" -Location $site.name Set-WebConfigurationProperty -Filter /system.WebServer/security/authentication/AnonymousAuthentication -Name password -value "" -Location $site.name