locked
IIS 7.5 and domain application pool accounts RRS feed

  • Question

  • What forum should I post to for questions about IIS 7 configuration issues?  Specifically related to setting up a domain service account as the application pool identity and the calling of web services.  Full details below.

    The situation is this, trying to setup a Windows 2008 server box running IIS 7.5 and setting the application pool account to a domain user account (service account).  This is for access to things like the SQL databases and web services and how we currently have it successfully running on a Windows 2003 IIS 6 setup.  I have it mostly working except for one thing.  When an application hosted on the new IIS 7.5 calls an existing web service (on the old farm, same domain) it appears to pass the domain\machinename$ account as the credentials rather than the application pool as it did under the old setup.  This results in a 401 unauhorized error because only our service account that the application pools are setup to run as have access to the web services.  In the IIS 6 logs with the web services I see all the requests come in with the domain\machinename$ credentials.

    The code that calls the web service is setting the credentials via:

    ws.Credentials = System.Net.CredentialCache.DefaultCredentials

    Same as it always had under IIS 6.  I also noticed that if I remove the setting of credentials or manually construct them with a username/password it makes no difference.  It still shows the request as coming from domain\machinename$.

    In researching the problem I read that the new virtual ApplicationPoolIdentity behaves this way, using the machinename$ account for access to network resources but I don't know why I am seeing the same behavior when I am not using that account but a custom domain account.

    Also, if I remove the web service calls I noticed that calls to the SQL database appear to be going thru correctly by using the application pool domain account credentials.

    Also in research I found the applicationHost.config 'useAppPoolCredentials' setting but that appeared to not make any difference.

    Any idea on what is happening here and how I can get it to work as it did under IIS 6 where the application pool identity credentials would be used for the web service call?

    Friday, September 7, 2012 6:18 PM

Answers