TechTalk

Topics in the world of web development and other technologies we find interesting.

Assigning NTFS folder permission to IIS7 Application Pools

Microsoft IIS Server 7.0 and up offers a lot of new features with regard to application security. One of them is the ability to give each of your ASP.NET applications its own isolated Application Pool. This adds a lot of security because NTFS folder permissions can now be assigned on a per-application basis: when you need to give your ASP.NET application permission to read or write data in a particular folder, you no longer have to allow every other ASP.NET app on the same server to do so as well.

When developers who are new to IIS 7 first try to run an app, they may get the error:

Access to the path 'C:\inetpub\MyWebSite\App_Data\MySiteData.xml' is denied.

This used to be fixed by simply adding the NetworkService account to the folder permissions. While it is still possible to configure your application to use the NetworkService account, it should be avoided: this older method does not allow you to assign folder permissions for ASP.NET on a per-application basis.
When you create a new ASP.NET application in IIS, it will now by default create a new IIS App Pool with the same name and assign it to that application. If the application requires ASP.NET code to create or modify files on the server, you will need to give its App Pool account permission to do so. App_Data is one folder that often needs create and modify access.

NOTE: The instructions below are intended for Windows Server 2008 R2.
If you need help with Windows Server 2008 go here, and here for Windows Server 2003.

IIS7 Application Pools

You cannot currently browse for your new IIS App Pool account in the GUI. However, you can still assign the folder permissions by typing IIS APPPOOL\YourAppPoolName in the Select Users or Groups dialog box, which is accessible by clicking Add... Once the account is listed, assign the permissions just as you would have done before with the NetworkService account.

Assigning NTFS App Pool Permissions
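The same grant can be scripted instead of typed into the dialog. The following is an added example, not part of the original post: it gives the App Pool account Modify on App_Data only, then lists any shared identity that can still write there. The path and pool name are the placeholders used above, and the list of shared identities to check is an assumption.

```powershell
# Added example: run from an elevated PowerShell prompt on the IIS server.
# Placeholders taken from the article; replace with your own site path and pool name.
$Path     = 'C:\inetpub\MyWebSite\App_Data'
$Identity = 'IIS APPPOOL\YourAppPoolName'

# Fail early if the account name does not resolve (pool missing or name misspelled),
# rather than discovering it later as another "Access to the path ... is denied".
$account = New-Object System.Security.Principal.NTAccount($Identity)
try {
    [void]$account.Translate([System.Security.Principal.SecurityIdentifier])
} catch {
    throw "Cannot resolve '$Identity'. Check that the application pool exists."
}

# Modify covers create, write and delete but, unlike FullControl, does not let the
# application rewrite the folder's ACL. The inheritance flags apply the rule to
# subfolders and files created under App_Data.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $account, 'Modify', 'ContainerInherit, ObjectInherit', 'None', 'Allow')

$acl = Get-Acl -Path $Path
$acl.AddAccessRule($rule)
Set-Acl -Path $Path -AclObject $acl

# Review step: per-application isolation is lost if an identity shared by other
# applications can still write here. This list is an assumption; extend it as needed.
$shared = 'NT AUTHORITY\NETWORK SERVICE', 'BUILTIN\IIS_IUSRS', 'BUILTIN\Users', 'Everyone'
$write  = [System.Security.AccessControl.FileSystemRights]::Write

(Get-Acl -Path $Path).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   $shared -contains $_.IdentityReference.Value -and
                   ($_.FileSystemRights -band $write) -ne 0 } |
    Select-Object IdentityReference, FileSystemRights, IsInherited
```

An empty result from the last command means none of the listed shared identities has write access to the folder. Entries with IsInherited set to True come from a parent folder and have to be changed there.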


Posted by Mark at 21:34