locked
Application Pool Identity RRS feed

  • Question

  • User1536465747 posted

    Hello,

    I just set the Identity to LocalSystem in order to access a certificate. 

    My question is if this change has some cons in sense of performance or something like that?

    Thank you very much

    Monday, April 6, 2020 7:09 PM

Answers

All replies

  • User475983607 posted

    I just set the Identity to LocalSystem in order to access a certificate. 

    My question is if this change has some cons in sense of performance or something like that?

    There's no performance impact.  Your web application has the same access to local resources as LocalSystem which is probably more than your application needs.

    https://docs.microsoft.com/en-us/windows/win32/services/localsystem-account

    Modern IIS uses a virtual account; ApplicationPoolIdentity.  By default the Identity is  IIS APPPOOL\your.iis.application.name and you can use this to grant read/write access to the certificate.

    https://docs.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, April 6, 2020 8:42 PM
  • User1536465747 posted

    Honestly I tried to manage the ApplicationPoolIdentity with Load user profile but, I found it not so easy. Switching to LocalSystem seems to be much easier solution.

    However thank you for confirming that there will be no consequences because of the change I've made there. Much appreciated 

    Monday, April 6, 2020 8:53 PM