I am confused with how this logic works.
"anonymous authentication" is defaulted to IUSR (or application pool identity).
"connect as" is defaulted to application user (pass through authentication) or a specific user can be set.
what is the purpose of each one? Also IUSR needs write access in order for IIS to have write permissions, why is it not using the "application user", in the default case "DefaultAppPool".
Why does IUSR need write access and not "DefaultAppPool"? since "pass through authentication" is set, it would make sense that "IIS AppPool\DefaultAppPool" is used and not IUSR?