On IIS 8.5 we have an web application running with application pool's identity set to ApplicationPoolIdentity
.
When we switch to Custom account
instead of the ApplicationPoolIdentity
then web application's user session is lost at random and also on app pool recycle.
But everything is ok with the ApplicationPoolIdentity
.
Any idea what is the issue with Custom account
which is using a windows user account that has IIS_IUSRS permission.
All we need is to have the Custom account
identity to behave the same way as the ApplicationPoolIdentity
for the session state. Everything else is ok.
Update 1:
- We are using
InProc
Session State Mode as we have not defined the value for the mode property in the web.config file andInProc
is the default value - Same IIS web application retains sessions after a manual/auto app pool recycle for all users in case of ApplicationPoolIdentity. Good/bad is not the question here but here is the reason how that my happen: https://stackoverflow.com/a/4089977/218408
- Permanently stopping the app pool recycling is not an option for us
Best Answer
First, to correct a misconception, you're meant to lose state on an App Pool Recycle, unless you've moved state information out of process (for example, by using ASP.Net Session State Server, or a database, or a scheme involving persistent cookes). So unless the app has been designed to cope gracefully with recycling - and they're not by default - you might find that your initial assumption isn't right. See also this answer.
That said - I think the key clue here might be that it sounds like you randomly lose state while the app is running as a custom user without recycling (or apparently without recycling).
Possible things going on here:
It's possible the presence of the user causes - for example - antivirus software or another organizational security control to start doing things to the machine (or scan the website files), if it's not simply the app behaving differently and crashing due to something it can't do when not run as a NetworkService-derived user.
So, I'd check: