ApplicationPoolIdentity user cannot modify files in shared folder in Windows Server 2008

file-permissions iis-7 iis-7.5 network-share windows-server-2008

I am creating directories, and writing files to a shared folder within my web application that is being hosted on Windows Server 2008. I am running the application pool with an identity of ApplicationPoolIdentity.

To give you an idea of my setup so far: I've set permissions on the root directory of my web application for two different users: "IUSR" and "IIS APPPOOL\MYPOOL". I'm using the name "MYPOOL" as the name of my application pool, so it's easy to reference.

The application is unable to modify and write to a shared folder. I right clicked the shared folder that I'm creating directories in and writing to, and clicked on the "Security" tab. Then I clicked "Edit". Under objects, I checked "Computer". Then under LOCATION, I've tried the machine/server running my web application. I wasn't able to find my "MYPOOL" user however under the users. I tried to follow this link, but it wasn't very complete. I don't know which user to use. I continue to get a System.IO exception because it doesn't have permissions. Once I know which user to use, I will have to give "Modify" permissions to the "ExportPath" directory.

This did not work for me:
http://grekai.wordpress.com/2011/05/23/permissions-for-shared-folder-for-iis-7-application-pool-identity-across-domain/

For a quick test, I made a dummy page called FilePermissionsTest.aspx, and put some code to create a directory and write a file in the Page_Load event of the code-behind. But I haven't gotten far enough to test it because it won't write the file.

<div>
Check to see if the file "_File_Permissions_Test.txt" was written to <% Response.Write(Data.ConfigurationHelper.ValueFromConfiguration("ExportPath", Nothing))%> 
</div>

Imports System.IO

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
    ' The target directory comes from the "ExportPath" configuration value.
    Dim exportPath As String = Data.ConfigurationHelper.ValueFromConfiguration("ExportPath", Nothing)
    If String.IsNullOrEmpty(exportPath) Then Return

    ' Creates the directory if it does not exist yet.
    Dim exportDirectory As DirectoryInfo = Directory.CreateDirectory(exportPath)

    ' Using flushes and closes the file even if the write throws.
    Using writer As StreamWriter = File.CreateText(Path.Combine(exportDirectory.FullName, "_File_Permissions_Test.txt"))
        writer.WriteLine("TESTING... " & DateTime.Now.ToString())
    End Using
End Sub

Best Answer

If you are running your application pool using a specified identity, granting permission to the machine account will not work. You should run your AppPool with a domain account, and grant that account the appropriate permissions to the shared folder. Using a local account will also not work if the shared folder is on a remote computer.

If you do not have a domain, you could run the AppPool with LocalSystem, and that should work with granting the machine account permission to the shared folder. But that would probably be suboptimal from a security perspective.
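
As an added example (not part of the original question or answer), this is one way to make the grant the answer describes on the machine hosting the share: Modify rather than Full Control, inherited by child files and folders, then read back to confirm. The function names and the account `CONTOSO\svc-mypool` are hypothetical; the demo call uses a temp folder and the current user so it runs on any Windows machine.

```powershell
# Added example. Grants Modify (not FullControl) on an export folder to the
# account the application pool runs as, then reads the ACL back to verify.
function Grant-ExportModify {
    param([string]$Path, [string]$Account)
    # Resolve the name first so a typo fails here instead of in Set-Acl.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate($sidType)

    # Allow Modify on this folder, inherited by subfolders and files.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl = Get-Acl -Path $Path
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
    return $sid
}

function Test-ExportModify {
    param([string]$Path, [System.Security.Principal.SecurityIdentifier]$Sid)
    # Only looks for an Allow rule granted directly to this SID; it does not
    # evaluate group membership or Deny entries.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $modify = [int][System.Security.AccessControl.FileSystemRights]::Modify
    $rules = (Get-Acl -Path $Path).GetAccessRules($true, $true, $sidType)
    foreach ($r in $rules) {
        $sameSid = $r.IdentityReference.Value -eq $Sid.Value
        $isAllow = $r.AccessControlType -eq 'Allow'
        $hasModify = (([int]$r.FileSystemRights) -band $modify) -eq $modify
        if ($sameSid -and $isAllow -and $hasModify) { return $true }
    }
    return $false
}

# Constructed demo: a temp folder and the current user stand in for the shared
# ExportPath folder and the hypothetical domain account CONTOSO\svc-mypool.
$demoPath = Join-Path $env:TEMP 'ExportPathDemo'
New-Item -ItemType Directory -Path $demoPath -Force | Out-Null
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$sid = Grant-ExportModify -Path $demoPath -Account $me
"Modify granted to {0}: {1}" -f $me, (Test-ExportModify -Path $demoPath -Sid $sid)
```

Access through a UNC path is limited by both the share permissions and the NTFS ACL, so the same account also needs Change on the share itself.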