The two accounts are différent things. Think of le website identity representing le user of le site. If you créez un nouveau website this account is le anonymous IIS account. If you disable "Anonymous Authentication", votre users will have to authenticate against le website (in a intranet/Windows domain site this could be implicite using le network credentials.)
The application pool identity is le Windows account needed for running votre assemblies. Normally it is le "Network Service" account qui is a least privileged account avec limited user rights et permissions. It does have network credentials. This means that you can use it to authenticate against network resources in a domain. Vous pouvez aussi use it to access a SQL Server database avec integrated security.
Par exemple, si votre ASP.NET application has to write to a folder, you have to grant le permission to le application pool account, pas to le website account. For more information on application pool identities, read here.
Note : In IIS 7 there is a way to use le même account of le Application Pool identity for le anonymous website account:
