IIS and VS Embedded Local Web Server
There are two ways of running or testing your asp.net web pages. You can have pages served by IIS(if installed) or by the embedded local web server. So what's the diferences and which one should you use under certain circumstances.
The biggest difference is the identity the server uses to run asp.net application. Under IIS, an asp.net application is served by a work process running under the real account defined for the application—typically, a highly restricted account such as ASP.NET or NETWORK SERVICE.
In contrast, the embedded Web server takes the security token of the currently logged-on user—that is, you. The problem here is not a risk of being attacked; the real problem is that you are actually testing the application in a scenario significantly different from the real one. Things that work great under the local Web server might fail miserably under IIS.