Kernel-mode authentication with a domain account

You may know that kernel-mode authentication is faster then user-mode authentication. You also may know that when you have a webfarm, network service isn’t the “user” you can use for kernel-mode authentication. With thew following command you can configure that the application pool user is used for kernel-mode authentication.

%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/security/authentication/windowsAuthentication -useAppPoolCredentials:true

This wil result in the following configuration in the applicationHost.config

         <windowsAuthentication enabled="true" useAppPoolCredentials="true" />

You can configure this at the webserver/website/application level.

Wanna know which application pool is used by your application?

Some times I check if my applications are still using the proper application pools (I am not the only administrator of the IIS servers 😉 ). You can do this with the IIS GUI ofcourse but you can also use scripting (checking a lot of servers/application and application pools can be a pain in the !@#$%). So I created a little script to do that. Continue reading “Wanna know which application pool is used by your application?”