4

I am creating directories, and writing files to a shared folder within my web application that is being hosted on Windows Server 2008. I am running the application pool with an identity of ApplicationPoolIdentity.

To give you an idea of my setup so far: I've set permissions on the root directory of my web application for two different users: "IUSR" and "IIS APPPOOL\MYPOOL". I'm using the name "MYPOOL" as the name of my application pool, so it's easy to reference.

The application is unable to modify and write to a shared folder. I right-clicked the shared folder that I'm creating directories in and writing to, and clicked on the "Security" tab. Then I clicked "Edit". Under objects, I checked "Computer". Then under LOCATION, I've tried the machine/server running my web application. However, I wasn't able to find my "MYPOOL" user under the users. I tried to follow this link, but it wasn't very complete. I don't know which user to use. I continue to get a System.IO exception because it doesn't have permissions. Once I know which user to use, I will have to give "Modify" permissions to the "ExportPath" directory.

This did not work for me: http://grekai.wordpress.com/2011/05/23/permissions-for-shared-folder-for-iis-7-application-pool-identity-across-domain/

For a quick test, I made a dummy page called FilePermissionsTest.aspx, and put some code to create a directory and write a file in the Page_Load event of the code-behind. But I haven't gotten far enough to test it because it won't write the file.

...

<div>
Check to see if the file "_File_Permissions_Test.txt" was written to <% Response.Write(Data.ConfigurationHelper.ValueFromConfiguration("ExportPath", Nothing))%> 
</div>

...

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
    ' Requires "Imports System.IO" at the top of the code-behind file.
    Dim exportPath As String = Data.ConfigurationHelper.ValueFromConfiguration("ExportPath", Nothing)
    If exportPath = String.Empty Then Return
    ' Runs as the application pool identity; throws if that identity cannot write to the path.
    Dim exportDirectory As DirectoryInfo = Directory.CreateDirectory(exportPath)

    ' Using flushes and closes the writer even if WriteLine throws.
    Using writer As StreamWriter = File.CreateText(Path.Combine(exportDirectory.FullName, "_File_Permissions_Test.txt"))
        writer.WriteLine("TESTING... " + DateTime.Now().ToString)
    End Using

End Sub
JustBeingHelpful

2 Answers

4

If you are running your application pool using a specified identity, granting permission to the machine account will not work. You should run your AppPool with a domain account, and grant that account the appropriate permissions to the shared folder. Using a local account will also not work if the shared folder is on a remote computer.

If you do not have a domain, you could run the AppPool with LocalSystem, and that should work with granting the machine account permission to the shared folder. But that would probably be suboptimal from a security perspective.

Greg Askew
  • I didn't have access to the domain controller, but I asked our server administrator to create a domain user. Then I went into the application pool advanced settings, and changed the Identity to "domain\domainuser" and then set permissions on that shared folder for that domain user. Worked awesome! Thanks!.... I will have to try your second approach later. Does using LocalSystem have any drawbacks as being the application pool user in a web application? Just curious. – JustBeingHelpful Jul 20 '11 at 16:19
  • LocalSystem has complete control of the system, and is usually not a secure choice for the AppPool identity. – Greg Askew Jul 20 '11 at 19:31
  • How is LocalSystem different from the domain user we created? Is it risky to have a domain user? – JustBeingHelpful Jul 20 '11 at 19:41
  • LocalSystem is the operating system. A domain user is typically granted only minimal permission to run the app pool. – Greg Askew Jul 21 '11 at 12:30
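
The domain-account approach from the answer above, as an added PowerShell example that is not part of the original answer or comments. It assumes the IIS WebAdministration module is installed on the web server, that the script is run by an administrator who may change the folder's ACL, and that the UNC path shown is a placeholder.

```powershell
# Added example. Assumed values (placeholders, not from the page except MYPOOL):
$poolName   = 'MYPOOL'
$exportPath = '\\FILESERVER\Share\ExportPath'   # placeholder UNC path to the shared folder

# Prompt for the low-privilege domain account (enter it as DOMAIN\user) so the
# password is never stored in the script.
$cred    = Get-Credential
$account = $cred.UserName

Import-Module WebAdministration

# 1. Run the application pool as the domain account instead of ApplicationPoolIdentity.
#    identityType 3 = SpecificUser.
Set-ItemProperty "IIS:\AppPools\$poolName" -Name processModel -Value @{
    identityType = 3
    userName     = $account
    password     = $cred.GetNetworkCredential().Password
}

# 2. Grant that one account Modify on the export folder only, inherited by the
#    subfolders and files the application creates. Nothing broader is granted.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
    -ArgumentList $account, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
$acl = Get-Acl -Path $exportPath
$acl.AddAccessRule($rule)
Set-Acl -Path $exportPath -AclObject $acl

# Share-level permissions are separate from this NTFS ACL and must also allow
# Change for the account; set those on the file server.

# 3. Recycle the pool so the worker process starts under the new identity.
Restart-WebAppPool -Name $poolName

# 4. Confirm the ACE is present and review what else already has access.
(Get-Acl -Path $exportPath).Access |
    Where-Object { $_.IdentityReference.Value -eq $account } |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, IsInherited
```

If step 4 prints no row, the account name was not entered in the DOMAIN\user form that the ACL stores.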
0

You should have entered the computer name and not the ApplicationPoolIdentity. That was your problem. Try it out! It should work.

Chopper3