I am trying to understand an aspect of IIS security that I can't figure out. I have an internal (not on the internet) application that runs under IIS.
This specific application has an app pool associated with it that runs as a specific user (an administrator of the server). The authenentication method set for the default web site is Anonymous Authentication with a specific user set (also an administrator of the server). So for the most part I understand this security.
What I don't understand is if you go to the Advanced Settings of the default web site, there is physical path credentials and physical path credentials logon type. Currently nothing is set here.
What would be the reason to set credentials here?
What is the difference between the logon types (Anonymous and Path Credentials)?
Best Answer
Path Credentials are used where you need to present a set of credentials that are different from the site's anonymous user.
For example you may have a virtual directory that is mapped to a UNC share that needs a different set of credentials from the anonymous user.