IIS App Pool Identity vs. Windows Account

The built in account used is specific to the computer. If applications inside the app pool need to connect to other resources on the network (database servers, file shares, etc) then using a (windows) domain account may be a better option. When you specify a domain account you must ensure they have the correct file permissions set on the physical folders that IIS is using. In later operating systems - you can add this account to the IIS_IUSRS group to achieve the default permissions.

We have several application running on our intranet that use windows authentication. The way we handle this in our web.config is to specify our SQL connection string as follows:

<connectionStrings>    <add name="ConnectionStringName" connectionString="Data Source=ServerName;Initial Catalog=DatabaseName;Trusted_Connection=true" providerName="System.Data.SqlClient"/></connectionStrings>

Also in the web.config is the following:

<system.web>    <authentication mode="Windows"/>    <identity impersonate="true" username="Domain\Username" password="password"/></system.web>

Using a domain account allows you to manage the account in the same way you manage other users accounts. Down side here is that the username and password are included in plain text in the web config.

Hope this helps.