User ASP.NET runs under

I'm a bit confused about how ASP.NET, what user it runs under? On iis 7.5 and on 6.0

A few of the user accounts that I'm not clear on are

  • Network Service
  • IUSR
  • AppPool

Any clarification on the different users would be appreciated and security considerations/etc.


In summary:

  • IIS 5.1 (Windows XP) - it's a local ASPNET account
  • IIS 6 - by default, application pools run under the Network Service account which is a member of IIS_WPG group
  • IIS 7.0 - still Network Service
  • IIS 7 SP2 / 7.5 - runs under an ephemeral thing called ApplicationPoolIdentity which maps to an account IIS APPPOOL\ApplicationPool (e.g. IIS APPPOOL\DefaultAppPool). This account is a member of IIS_IUSRS user group
  • ASP.NET Web Development Server (Cassini) - it's obviously your own account

And it's a good practice to create a custom low-privileged account to run your application especially on PROD environment or when you need to access the network from the application.


ASP.net by default runs underneath the IIS_IUSRS user group. So if you need to grant permission to allow your application to run, use that group.