What are the app pool identity and account for anonymous access for?

I understand what the two are used for, except I don't know what each does--i.e. what one is for vs. what the other is for. (I usually set them to the same account anyway.)

If you're not sure what accounts I'm talking about, in the IIS manager thingy:

• Right-click on the app pool in question, go to Properties, and click the Identity tab to see the App Pool Identity.
• Right-click a Web site, go to Properties -开发者_JS百科> Directory Security, and click Edit under Anonymous Access and authentication control to view the Account for anonymous access.

That is the account under which the worker process will run when anonymous access and impersonation both are enabled. If you have impersonation disabled it will run under the default app pool account. Check this for more info.