Changing IIS application pool identity to local system
Solution 1
If your IIS and SQL servers are in a domain together, create a domain user to serve as the identity of the app. Set the app pool identity to that user and add it as a db user. Also make sure the user has access to all the application files.
Solution 2
I have now fixed this problem by setting the application pool's identity in IIS to "local system", but I understand there can be some security risks with this. Do you guys have an idea for a better solution?
Assuming the DB and IIS are on the same box you can create a local user account and give that account the necessary rights (DB reader and writer if neccessary) on the DB. Then create an IIS AppPool for your app that runs under that account, and configure the app to use that AppPool.
Related videos on Youtube
Nathan Watkins
Updated on September 18, 2022Comments
-
Nathan Watkins over 1 year
Hey guys, I've recently been having problems with Microsoft Server 2008, Plesk, and MSSQL. The problem was that when one of my applications in the pool tried to access the database I got an error saying it doesn't have access.
I have now fixed this problem by setting the application pool's identity in IIS to "local system", but I understand there can be some security risks with this. Do you guys have an idea for a better solution? One where the pool can access the MSSQL database, but not compromise security?
Thank you!
-
user3824502 about 13 yearsYou should also mention that if the application relies on Windows Authentication to auth domain users this will not work out of the box -- an SPN will have to be created.
-
Admin about 13 yearsYes that sounds like exactly what I need. How can I create a new user? And how can i set it as a db user?
-
Nathan Watkins about 13 yearsHow can I create a local user account and set its right?
-
Nathan Watkins about 13 yearsWOW I can't believe how incredibly long it took me to figure out how to do what you said, but it FINALLY worked! Holy crap! Thank you =)
-
pseudocoder about 13 yearsSorry, I was asleep when you posted your question :)