Sunday, 15 August 2010

How to assign permissions to ApplicationPoolIdentity account

This is a great feature, but as you mentioned it's not fully implemented yet. You can add the app pool identity from the command prompt with something like icacls, then you can manage it from the GUI. For example, run something like this from the command prompt:
icacls c:\inetpub\wwwroot /grant "IIS APPPOOL\DefaultAppPool":(OI)(CI)(RX)
Then, in Windows Explorer, go to the wwwroot folder and edit the security permissions. You will see what looks like a group (the group icon) called DefaultAppPool. You can now edit the permissions.
However, you don't need to use this at all. It's a bonus that you can use if you want. You can use the old way of creating a custom user per app pool and assigning the custom user to disk. That has full UI support.
This SID injection method is nice because it allows you to use a single user but fully isolate each site from each other without having to create unique users for each app pool. Pretty impressive, and it will be even better with UI support.
The Windows service called Application Host Helper Service is the one that does the mappings between IIS and Windows users.

Saturday, 14 August 2010

SharePoint 2010 SQL Form Based Authentication the easy way - FBA - Claim based - Walkthrough

This manual is for my personal/team use and is based on various posts on the web. I thank all the authors; the links to their posts are at the end of this document.
- Mirjam van Olst
- Donal Conlon
- Kirk Evans Blog
- speschka

You will also find links to various tools that, depending on your needs, can be very useful in your project.

There are several steps to get FBA working, but the key point is to understand that you will have to edit 3 web.config files:
- The SharePoint Central Administration web.config
- The SecurityTokenServiceApplication web.config
- Your FBA application web.config
You will set up:
- a connection to your user database, aspnetdb
- a provider for your users
- a provider for your roles
- a people picker



1 STEP CREATE YOUR USER DATABASE
Create the ASPNETDB database by performing these steps:

• Go to the SQL Server database server.
• On the database server, open Windows Explorer.
• Navigate to the path %SystemDrive%\Windows\Microsoft.NET\Framework\v2.0.50727.
• To start the ASP.NET SQL Server Setup Wizard, double-click aspnet_regsql.exe.
• Database Name: give a name of ASPNETDB and the wizard will create the DB.
• Complete the wizard.
• Make sure the Application Pool accounts of the web application(s) and the Central Administration web site have access to the database. This is critical and should be carefully checked.
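
One way to grant that access without making the accounts db_owner, as an added example that is not part of the original walkthrough. The account names CONTOSO\sp_webapp and CONTOSO\sp_farm are constructed placeholders, and the choice of the aspnet_* roles (created by aspnet_regsql.exe) assumes the sites only validate logins and search users and roles, and never create or edit users.

```sql
-- Added example. CONTOSO\sp_webapp and CONTOSO\sp_farm are constructed placeholders:
-- replace them with the accounts your web application pool and the
-- Central Administration pool actually run as.
USE [master];
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'CONTOSO\sp_webapp')
    CREATE LOGIN [CONTOSO\sp_webapp] FROM WINDOWS;
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'CONTOSO\sp_farm')
    CREATE LOGIN [CONTOSO\sp_farm] FROM WINDOWS;
GO

USE [ASPNETDB];
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'CONTOSO\sp_webapp')
    CREATE USER [CONTOSO\sp_webapp] FOR LOGIN [CONTOSO\sp_webapp];
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'CONTOSO\sp_farm')
    CREATE USER [CONTOSO\sp_farm] FOR LOGIN [CONTOSO\sp_farm];
GO

-- Assumption: BasicAccess is enough for credential validation and role checks,
-- ReportingAccess for user/role searches (people picker). Use the *_FullAccess
-- roles only for an account that must create or modify users and roles.
EXEC sp_addrolemember N'aspnet_Membership_BasicAccess',     N'CONTOSO\sp_webapp';
EXEC sp_addrolemember N'aspnet_Membership_ReportingAccess', N'CONTOSO\sp_webapp';
EXEC sp_addrolemember N'aspnet_Roles_BasicAccess',          N'CONTOSO\sp_webapp';
EXEC sp_addrolemember N'aspnet_Roles_ReportingAccess',      N'CONTOSO\sp_webapp';

EXEC sp_addrolemember N'aspnet_Membership_BasicAccess',     N'CONTOSO\sp_farm';
EXEC sp_addrolemember N'aspnet_Membership_ReportingAccess', N'CONTOSO\sp_farm';
EXEC sp_addrolemember N'aspnet_Roles_BasicAccess',          N'CONTOSO\sp_farm';
EXEC sp_addrolemember N'aspnet_Roles_ReportingAccess',      N'CONTOSO\sp_farm';
GO

-- Check the result: one row per (account, role). An unexpected db_owner or
-- *_FullAccess row means the account has more rights than this setup needs.
SELECT m.name AS account, r.name AS role_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name IN (N'CONTOSO\sp_webapp', N'CONTOSO\sp_farm')
ORDER BY m.name, r.name;
```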

2 STEPS are covered by this post: Configuring claims and forms based authentication for use with a SQL provider in SharePoint 2010


Blog references:
Configuring Forms Based Authentication for SharePoint 2010 using IIS7, February 23, 2010, Donal Conlon
Configuring claims and forms based authentication for use with a SQL provider in SharePoint 2010
Web Site Administration Tool Overview
Sharepoint-2010-forms-based-authentication-configuration-manager


Tool references:
FBAConfigMgr - This tool can update your 3 web.config files. Use with care and make backups first!
Visual Studio Express - This tool allows you to manipulate your user database
MembershipSeeder - This tool allows you to manipulate your user database