c# iis sharepoint permissions elevated-privileges

SharePoint 2010 fails to run elevated code as IIS pool identity account


I changed the IIS pool identity service account for my SharePoint 2010 web application, thus replacing the default "Network Service" account (using SharePoint Administrator). The pool service account permissions are now as documented by MS here in the "Application pool account" section: http://technet.microsoft.com/en-us/library/cc678863%28v=office.14%29.aspx

Elevated code in my feature fails when attempting to activate additional site features with the following exception:

Exception while creating the site: The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again.

Stack Trace:

   at Microsoft.SharePoint.SPGlobal.HandleComException(COMException comEx)
   at Microsoft.SharePoint.Library.SPRequest.ValidateFormDigest(String bstrUrl, String bstrListName)
   at Microsoft.SharePoint.SPWeb.ValidateFormDigest()
   at Microsoft.SharePoint.SPSecurity.ValidateSecurityOnOperation(SPOperationCode code, SPSecurableObject obj)
   at Microsoft.SharePoint.SPFeature.AddRowToFeaturesTable(SPFeaturePropertyCollection props, SPSite site, SPWeb web, Boolean fForce)
   at Microsoft.SharePoint.SPFeature.Activate(SPSite siteParent, SPWeb webParent, SPFeaturePropertyCollection props, SPFeatureActivateFlags activateFlags, Boolean fForce)
   at Microsoft.SharePoint.SPFeatureCollection.AddInternal(SPFeatureDefinition featdef, Version version, SPFeaturePropertyCollection properties, SPFeatureActivateFlags activateFlags, Boolean force, Boolean fMarkOnly)
   at Microsoft.SharePoint.SPFeatureCollection.AddInternalWithName(Guid featureId, String featureName, Version version, SPFeaturePropertyCollection properties, SPFeatureActivateFlags activateFlags, Boolean force, Boolean fMarkOnly, SPFeatureDefinitionScope featdefScope)
   at Microsoft.SharePoint.SPFeatureCollection.Add(Guid featureId)

What other permissions does the pool identity user need to have to run elevated code properly? Is it a security risk if I set the pool identity to my farm account (like the owstimer service)? (If yes, why?)


Solution

  • In the elevated code, the SPWeb object being updated has to have AllowUnsafeUpdates=true. This resolved the issue. As suggested, the question was reposted on sharepoint.stackexchange.com: https://sharepoint.stackexchange.com/questions/111507/sharepoint-2010-fails-to-run-elevated-code-as-iis-pool-identity-account
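
The fix described in the solution, as an added example that is not code from the original post: the `ValidateFormDigest` frame in the stack trace is the check that `AllowUnsafeUpdates` switches off, so the sketch validates the caller's form digest before elevating, enables the flag only around the feature activation, and restores it afterwards. The class name `ElevatedFeatureActivator`, the method signature, the `callerIsPostback` flag and the choice of a web-scoped feature are assumptions made for illustration.

```csharp
using System;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;

// Hypothetical helper (not from the original post).
public static class ElevatedFeatureActivator
{
    // Activates a web-scoped feature while running as the application pool identity.
    // callerIsPostback (assumed parameter): true when called from a page POST that
    // carries a form digest; false for callers without an HTTP request.
    public static void Activate(Guid siteId, Guid webId, Guid featureId, bool callerIsPostback)
    {
        // Check the request's form digest BEFORE elevating. Once AllowUnsafeUpdates
        // is true on the elevated SPWeb, SharePoint no longer performs this check.
        if (callerIsPostback && !SPUtility.ValidateFormDigest())
            throw new UnauthorizedAccessException("Form digest validation failed.");

        SPSecurity.RunWithElevatedPrivileges(delegate
        {
            // Elevation only applies to SPSite/SPWeb objects created inside the
            // delegate; objects taken from SPContext keep the current user's token.
            using (SPSite site = new SPSite(siteId))
            using (SPWeb web = site.OpenWeb(webId))
            {
                bool previous = web.AllowUnsafeUpdates;
                try
                {
                    // Enable only for the duration of the update.
                    web.AllowUnsafeUpdates = true;

                    // The indexer returns null when the feature is not active.
                    if (web.Features[featureId] == null)
                        web.Features.Add(featureId);
                }
                finally
                {
                    // Restore the original value even if activation throws.
                    web.AllowUnsafeUpdates = previous;
                }
            }
        });
    }
}
```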