I've been in the process of updating our web servers recently to use domain accounts for IIS Application Pool identities. I know with IIS7 Microsoft created the idea of the ApplicationPoolIdentity user that creates virtual users, but this doesn't suffice my needs well enough
I changed the user of 'Application Pool #1' from NetworkService to DOMAIN\username and supplied the appropriate password. Upon visiting the hosted website, I received the following error:
System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089′ failed.
What I can't understand, is when I switched the account from DOMAIN\username to DOMAIN\DomainAdminUsername the site started right back up and worked just fine. The only difference that I'm aware of between the two accounts is the one is in the Domain Admin membership group in group policy.
What user permissions would I have to provide to DOMAIN\username in order for that user to not receive the exception method above?
Best Answer
Does DOMAIN\Username have the permission to run as a service on the server?