How do I give ASP NET permission to write to a folder in Windows 7

Question

I have a new Win7 workstation and I am trying to get ScrewTurn Wiki to run on the machine   My STW installation is using the file system option to store its data  and as such I need to give write permissions to the ASP NET worker process in the folder the website is installed in     HOWEVER  I cannot seem to be able to come up with name of the worker process in Win7 in order to add it to the permissions for the folder   In XP it was ASPNET WP  if I remember correctly  but that is not its name in Win7     Can someone please tell me   Edited to add   In response to  Dragan Radivojevic  here s what the application pool in question looks like  named ScrewTurnWiki      The Identity is  ApplicationPoolIdentity

User · Answer

I know this is an old thread but to further expand the answer here, by default IIS 7.5 creates application pool identity accounts to run the worker process under. You can't search for these accounts like normal user accounts when adding file permissions. To add them into NTFS permission ACL you can type the entire name of the application pool identity and it will work.

It is just a slight difference in the way the application pool identity accounts are handle as they are seen to be virtual accounts.

Also the username of the application pool identity is "IIS AppPool\application pool name" so if it was the application pool DefaultAppPool the user account would be "IIS AppPool\DefaultAppPool".

These can be seen if you open computer management and look at the members of the local group IIS_IUSRS. The SID appended to the end of them is not need when adding the account into an NTFS permission ACL.

Hope that helps

User · Answer

The full command would be something like below  notice the quotes  icacls  c  inetpub wwwroot tmp   grant  IIS AppPool DefaultAppPool F

User · Answer

My immediate solution  since I couldn t find the ASP NET worker process  was to give write  that is  Modify  permission to IIS IUSRS   This worked  I seem to recall that in WinXP I had to specifically given the ASP NET worker process write permission to accomplish this  Maybe my memory is faulty  but anyway        DraganRadivojevic wrote that he thought this was dangerous from a security viewpoint   I do not disagree  but since this was my workstation and not a network server  it seemed relatively safe   In any case  his answer is better and is what I finally settled on after chasing down a fail-path due to not specifying the correct domain for the AppPool user

User · Answer

Giving write permissions to all IIS USRS group is a bad idea from the security point of view  You dont need to do that and you can go with giving permissions only to system user running the application pool   If you are using II7  and I guess you do  do the following    Open IIS7 Select Website for which you need to modify permissions Go to Basic Settings and see which application pool you re using  Go to Application pools and find application pool from  3 Find system account used for running this application pool  Identity column  Navigate to your storage folder in IIS  select it and click on Edit Permissions  under Actions sub menu on the right  Open security tab and add needed permissions only for user you identified in  3   Note  1  if you see ApplicationPoolIdentity in  3 you need to reference this system user like this IIS AppPool application pool name    For example IIS AppPool DefaultAppPool  Note  2  when adding this user make sure to set correct locations in the Select Users or Groups dialog  This needs to be set to local machine because this is local account

[asp.net] How do I give ASP.NET permission to write to a folder in Windows 7?

Examples related to asp.net

Examples related to iis-7.5