I have a bunch of websites and applications with their own app pools, all using AppPoolIdentity. App pool identities are nice because you can set file system permissions and add SQL Server users based on them without having to manage any passwords.
My setup worked well until it was decided that these websites need to have basic authentication added to them. This would be fine, except that IIS absolutely insists on using the identity you present, rather than the configured app pool identity, regardless of any settings on the app pool itself.
The issue seems to lie in the Connect As dialog. I had it set to use Application user (pass-through authentication). Confusing naming aside, this option obviously won't work for me. So I try to use Specific user instead.
The Set Credentials dialog is deceptive, in that it will accept an app pool user of the form `IIS AppPool\[appPool]` with no password, but when you go to access the site, you get this error message:
HTTP Error 500.19 - Internal Server
The requested page cannot be accessed because the related configuration data for the page is invalid.
Config Error: Can not log on locally to `[websitePath]` as user `IIS AppPool\[appPool]` with virtual directory password
Config File: `\\?\C:\inetpub\temp\apppools\[appPool]\[websiteName].config`
Config Source
153: `<application path="/" applicationPool="[appPool]">`
154: `<virtualDirectory path="/" physicalPath="[websitePath]" userName="IIS AppPool\[appPool]" />`
155: `</application>`
This is Microsoft's reference for the `<virtualDirectory>` element. Opening this config file doesn't reveal anything helpful. I tried adding `password=""` to no avail.
Is there any way at all to achieve what I'm trying to accomplish? Ideally without adding a module or other special code to every site.