Application Pool Identity

Jim Loo asked 1 year ago

Hi Hassan,
My questions are below:

  1. In my environment, all web sites need to be configured with a less-privileged identity. Therefore, Application Pool Identity is used in every site configuration. When I performed the Test Connection, Authentication passed but I got a warning on Authorization.
    1. Is there any impact if the test connection gets a warning on Authorization?
  2. The web application is required to access and read a specific local folder and file. I added access and read-only permission on the folder with the following method:
    1. Go to the Security tab on the folder.
    2. Add “IIS AppPool\ApplicationPool_Name” and configure allow access and read.
    3. When I run the application in the browser, the application shows “Access is denied. (Exception from HRESULT:0x80070005 (E_ACCESSDENIED))”. How do I resolve it?
  3. For the scenario on item#2, I configured the Path Credentials as “Application user (pass-through authentication)”. 
  4. For the scenario on item#2, I also tried to configure the Path Credentials as “Specific User” with the local administrator ID. Unfortunately, I still encountered the same issue.

Appreciate your feedback and advice for the above.

1 Answer
Hassan Aboul Hassan answered 1 year ago

Microsoft introduced a new security feature in Windows Vista called Mandatory Integrity Control (MIC).
This is another layer of security on top of the share permissions and NTFS permissions that you can configure from the Security tab.
With MIC, any running application has a certain security level, and each resource (files and folders) also has a security level.
In order for the application to access the resource, both must be at least on the same integrity level, even if you allowed it in NTFS and share permissions.
If you want, you can try to run the web application as a different user (changing it from the advanced pool settings), just to test; you can then know whether the problem is in the user or something else.
I want to know what files and folders you are trying to access so I can analyze your issue.
Is it a system file, or a file located in your web application directory?
What is the authentication type used in IIS?
Concerning your first part:
Authorization selects the permission to access a certain part of the application (like URLs, paths, or other resources).
Example: The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it.
Also, I need more details to understand the case. If you can, send screenshots and mention more details about the usernames used, your type of application, and the kind of authentication.
And about your question that you commented on Udemy:
Do you have any lectures on how to monitor web application performance?
How to know whether the performance issue was due to the Web application, Server or database.
I mentioned in the course some guidelines to monitor your web server, like using Perfmon.
I am developing free software that makes it easy to monitor your websites and IIS; I hope I can finish it next month.
But anyway, there are a lot of 3rd-party tools to monitor IIS, from SolarWinds, Monitis.
Check also this link, it may help:
And please review section 7 of the course; it may help you also.
And I am here waiting for any details or more clarifications.
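
One way to check, from PowerShell, the folder permission the question describes and the integrity label the answer mentions. This is an added example, not part of the original thread; the folder path and pool name are placeholders to replace with your own.

```powershell
# Added example. $Folder and $AppPool are placeholders, not values from the thread.
param(
    [string]$Folder  = 'C:\Data\AppFiles',       # hypothetical folder the site reads
    [string]$AppPool = 'ApplicationPool_Name',   # pool name as shown in IIS Manager
    [switch]$Grant                               # add a read-only ACE if none is found
)

$identity = "IIS AppPool\$AppPool"
$sidType  = [System.Security.Principal.SecurityIdentifier]

# 1. Resolve the virtual account to a SID; a misspelled pool name fails here.
try   { $sid = ([System.Security.Principal.NTAccount]$identity).Translate($sidType).Value }
catch { throw "Windows cannot resolve '$identity'. Check the application pool name." }

# 2. Collect the ACEs (explicit or inherited) that name this identity directly.
#    Access the pool gets through groups such as Users is not listed here.
$aces = (Get-Acl -LiteralPath $Folder).Access | Where-Object {
    try { $_.IdentityReference.Translate($sidType).Value -eq $sid } catch { $false }
}

$read  = [System.Security.AccessControl.FileSystemRights]::Read
$allow = @($aces | Where-Object { $_.AccessControlType -eq 'Allow' -and
                                  ($_.FileSystemRights -band $read) -eq $read })
$deny  = @($aces | Where-Object { $_.AccessControlType -eq 'Deny' })

# 3. icacls prints a "Mandatory Label\..." line only when the folder carries an
#    explicit integrity label; no such line means the default label applies.
$label = @(icacls $Folder | Select-String -SimpleMatch 'Mandatory Label')

[pscustomobject]@{
    Identity       = $identity
    Sid            = $sid
    AllowReadAces  = $allow.Count
    DenyAces       = $deny.Count          # Deny entries can block access despite an Allow
    IntegrityLabel = if ($label.Count) { $label[0].Line.Trim() } else { 'none set explicitly' }
}

# 4. Optionally grant read-only access, inherited by subfolders (CI) and files (OI).
if ($Grant -and $allow.Count -eq 0) {
    icacls $Folder /grant "${identity}:(OI)(CI)R"
}
```

Run it on the web server; without `-Grant` it only reads the ACL and reports what it finds.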