I have a Windows Server 2003 running IIS. I have created an application pool specifically for a web service application. The identity of that application pool is a domain account. The domain account is needed for SQL Server access via windows authentication.
When I run the application in the Default Application Pool with the NETWORK SERVICE account it work fine as long as I do not execute any function that accesses the SQL Server. SQL Server access fails as expected becasue the NETWORK SERVICE account does not have permissions on any of the SQL Server machines.
When change the application to use the application pool that is running under a domain account I get "Service Unavailable" when I attempt to run any web service. If I make that domain account a domain administrator the it does work. For obvious reasons, making the account an administrator is not a viable solution. Specifically, what permissions or local security policy settings are needed on a domain account to run a .NET application in IIS?
Thanks, Jim
The identity under which an application pool runs need obviously read access to every file it'll need to process (your ASP.NET web site/app); it also need read and/or write access to whatever resources it might need; so, if f.e. your ASPX pages saves files uploaded from users to some path, the service account will need write access to that path.
If you get a "service unavailable" error, this means the application pool servicing your web site/app has stopped. You should investigate why this happened; this is usually due to repeated critical errors, of which you'll find evidence in Windows' Application event log.