(38) C # IIS

IIS7.5 Logo Introduction (EXT) http://www.cnblogs.com/zgqys1980/p/3862815.html

The identity of the application pool is the name of the service account used by the worker process running the application pool. By default, the application pool runs under the Network Service user account, which has low level user rights. Can you configure an application pool to be Windows Server? Run one of the built-in user accounts in the 2008 operating system. For example, you can specify a Local System user account that has a higher level of user rights than the Network service or local service built-in user account. Note, however, that there is a serious security risk in running an application pool with an account that has high-level user rights

You can also configure a custom account to be used as the identity of the application pool. Any custom account that you select should have only the most basic permissions that the application requires. Custom accounts are useful in the following situations:

1. When you want to improve security and make it easier to track security events for the appropriate application.

When you host multiple customer sites on a single Web server. If you use the same process account for multiple customers.

2, one customer's application source code may be able to access another customer's application source code. In this case, you should also configure a custom account for the anonymous user account.

3. When an application requires not only the default permissions of the application pool, but also other permissions. In this case, you can create an application pool and then assign a custom identity to the new application pool.

In addition, in these systems, a new identity is added, which is the applicationpoolidentify identity, applicationpoolidentity– by default, the application pool identity account is selected. The application pool identity account is created dynamically when the application pool is started, so this account is the safest for your application.

Let me show you how to use them:

Local System Identity

This logo is the highest level of the built-in accounts, which is the most risky one, and is also the simplest to configure.

You only need to change the identifier in the program pool to LocalSystem, and assign a everyone user right to the folder permissions.

Network Service or Local service identity

First Configure IIS

Right-open the advanced settings for the project in the application pool, open the identity option in the settings, select Account as Network SERVICE, click OK, and the IIS settings are complete

Next we configure SQL Enterprise Manager.

1) Open the SQL manager à select the database instance à "security" à "login name" to see if there is a network SERVICE and if it does not exist, add it

2) Add Account method: Right click "Login name" à select "New Login", in the Pop-up dialog box to the right of the login input box, click on the right of the "search", in the pop-up "Select User or group" click "Advanced", then click "Find Now", find the Network Service username, click OK.

Configure additional properties

Left navigation à server role tick sysadmin

Left navigation à user mapping à tick the database to connect to or all databases

This way you will find the login name has the Ntauthority\network service this user, then congratulations, your SQL Enterprise Manager employment configuration is good. Then start running your website!

Applicationpoolidentify identification

The applicationpoolidentify identity is the safest for your application. Now let's start configuring Applicationpoolidentify!

In the configuration, we want to assign a applicationpoolidentify account to the site folder, first we know that Applicationpoolidentify is a virtual account we can not find, then how do we assign him account? If you add a newstest (Newstest the name of the application pool configured for us), you will get an error. "Name not Found".

They will remind us not to find the name, then what? Then we need to manually configure, manually enter Iisapppool\newstest (that is, the IIS apppool\ application pool name), and then determine. Yes, it's passed.

(38) C # IIS