Do I need to create a unique user account for each application pool?

From Guidance Share

Jump to: navigation, search

J.D. Meier, Prashant Bansode, Alex Mackman

Answer

No, you don’t need to create a unique user account for each application pool. However, you might want to do so if you want to audit and authorize each application separately. This is especially the case if you're in a hosted environment running multiple web applications on the same server. Maintaining a separate identity for each application in such scenarios enables process isolation and auditing for each application. You can create ACL's for the various operating system resources (includes file system) on an individual application's identity. You also have the ability to establish granular database permissions, which might vary for each application.

More information

For more information on creating user accounts for ASP.NET applications, see “How To: Create a service account for an ASP.NET 2.0 application” at http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000009.asp

Personal tools