|
1 | | -### Changing logging settings |
| 1 | +### Running application pools as a specific user |
2 | 2 |
|
3 | | -HTTP request logging is provided by IIS and can be specified server-wide or on an individual site level. Applications and virtual directories can disable logging, but they can't do any logging of their own. The examples below show how to set logging at the site level. |
| 3 | +You can usually get by running your application pools as the `ApplicationPoolIdentity` accounts. This creates a virtual account for each different application pool automatically, isolating them from each other. On the local machine, you can grant access to resources like the file system to each separate application pool. For remote resources (like a SQL Server on a different machine), the application pool identities act as Network Service, so you can grant access at the machine level. Learn more about [application pool identities](https://www.iis.net/learn/manage/configuring-security/application-pool-identities). |
4 | 4 |
|
5 | | -Logging settings are stored in `applicationHost.config` underneath the site: |
6 | | - |
7 | | -```xml |
8 | | -<system.applicationHost> |
9 | | - <!-- ... --> |
10 | | - <sites> |
11 | | - <site name="Default Web Site" id="1"> |
12 | | - <bindings> |
13 | | - <binding protocol="http" bindingInformation="*:80:" /> |
14 | | - </bindings> |
15 | | - <logFile logFormat="IIS" directory="%SystemDrive%\inetpub\logs\LogFiles1" period="Hourly" /> |
16 | | - </site> |
17 | | - <siteDefaults> |
18 | | - <logFile logFormat="W3C" directory="%SystemDrive%\inetpub\logs\LogFiles" /> |
19 | | - <traceFailedRequestsLogging directory="%SystemDrive%\inetpub\logs\FailedReqLogFiles" /> |
20 | | - </siteDefaults> |
21 | | - <!-- ... --> |
22 | | -``` |
| 5 | +For more control over what the application pool can do, you should run it under a specific, custom user account. You'll want to use [`aspnet_regiis`](https://msdn.microsoft.com/en-us/library/k6h9cz8h.aspx) to give your custom account all the permissions it needs to run as an application pool and execute ASP.NET requests. You can then set your application pool to run as that user. |
0 commit comments