I am trying to figure out what the LogonMethod Property associated with an Application Pool means(/LM/W3SVC/AppPools, /LM/W3SVC/AppPools/DefaultAppPool/application_pool_name) means. Based on what I have found so far, I am posting some notes.
We associate credentials of a domain or local account with an application pool. Before a w3wp.exe process is started using the credentials of this account, the system calls the LogonUser function. This function accepts a parameter named "dwLogonType". I think that the value of this parameter is set based on the value assigned to the LogonMethod property in IIS Metabase. By default, IIS 6.0 uses NETWORK_CLEARTEXT as the value for the LogonMethod property. If the function succeeds in authenticating the user, it returns a handle to a token that represents the app pool account and a w3wp process is created to run in the context of this account. When using NETWORK_CLEARTEXT as the value for the LogonMethod property, the username and password of the app pool account are preserved in the DLL containing the authentication logic and used for establishing connections to other network resources during the process lifetime.
References:
1. David Wang's Post
2. MS Support article
No comments:
Post a Comment