I am trying to setup a web application in IIS on Windows Server 2008 R2. I create the web app, WebApp1, and I create a new application pool, WebAppPool1. I go into Authentication and disable Anonymous and enable Windows Authentication. At this point,
users get a logon prompt when they go to the URL, and they enter their credentials, and are re-prompted and never let in.
Do I need to give NTFS permissions on the physical folder to the application pool user or the end user accounts? Or neither? Does the application pool need to run as ApplicationPoolIdentity? Or something else? Do I need to modify .NET authorizations?
I've tried all these things and combinations of these things, but I can't get this resolved. If I change the application pool to use NETWORKService instead of ApplicationPoolIdentity, then things seem to work. But I want it to run as the ApplicationPoolIdentity (unless this is not the correct way to do this).