I have a website setup in IIS7 which is configured so that connections are as a user: IUSR_MyUser.
I also have FTP configured for this site, with a different user configured via FTP Authorization: FTP_MyUser.
The FTP user account has read/write configured for the entire site directory, where as the regular web user is more restricted.
I can login with FTP just fine, however when I try and update a file for instance, I get an "Access Denied" error.
Fired up Process Monitor to have a look at the error being generated, the important bits:
Operation: CreateFile
Result: ACCESS DENIED
Path: C:\PathToMyFile
Impersonating: Computer\IUSR_MyUser
So it's impersonating the IUSR_MyUser account, which does not have permission to write.
How should I configure IIS / User accounts to attain the appropriate level of security for what I'm after here?
Best Answer
Following the advice from this thread: http://forums.iis.net/t/1161073.aspx
If you are not using pass-through authentication then the user set will override bot the IIS user as well as the FTP user.
So the correct setup it seems is to use 'pass through authentication', then configure the IIS Anonymous account to use your specified user.