Iis – What happened to the ASP.NET account in Windows Server 2012 R2 and IIS 8.5

iisiis-8netwindows-server-2012windows-server-2012-r2

I'm making my first foray into setting up an ASP.NET MVC 3 application on IIS 8.5 and Windows Server 2012 R2. This application uses Active Directory & Windows authentication for permission management. On IIS 6, I had to give the machine ASP.NET (on the server) Modify permissions to my log folder so it could write to it. Currently, I don't see an ASP.NET machine account on this system. I've given modify permissions to the NETWORK SERVICE account on the machine, but the application doesn't seem to be writting out to the log file. Mind you this is a local log file; it is not part of IIS.

I'm sure the solution is probably some simple switch I need to flip, but I've been tracking this for hours and am not sure what's up. Does anyone have any thoughts?

I've made sure the following server roles and features are installed:

Application Development

  • .Net Extensibility 3.5
  • List item
  • Net Extensibility 4.5
  • Application Initialization
  • ASP
  • ASP.NET 3.5
  • ASP.NET 4.5
  • ISAPI EXTENSIONS
  • .NET Framework 3.5 Features
  • .NET Framework 4.5 Features
    • ASP.NET 4.5
    • WCF Services

Server Roles – Security

  • Basic Authentication
  • URL Authorization
  • Windows Authentication

Best Answer

IIS 7+ uses a group called IIS_IUSRS that is built in, unlike the IIS6 users/groups that were added by IIS's installation. This allows ACL's to be transferable between servers.

If you are using an AppPool with a custom account, add it to the IIS_IUSRS group. If you are using the default accounts, ACL your folders using the IIS_IUSRS group.