Menu
I am attempting to launch a website from an 'AppPool' called 'SomeAppPool' which uses the 'ApplicationPoolIdentity' and when I do I receive the following error when I launch the website:
The current identity (IIS_APPPOOL\SomeAppPool) does not have write access to 'c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files'
I'm launching the website with 'Use Local IIS Web Server' within Visual Studio 2012 (with no debugger attached) under Windows 8.
The first thing I noticed is that the 'Temporary ASP.NET Files' folder does not even exist so there is nothing to set security permissions on.
The second issue is, even if there was a folder, what permissions would I set? I'm assuming that I should not have to set permissions for each user created through 'ApplicationPoolIdentity'. Right?
The current solutions i've seen simply suggest to set the user to 'Network Service' but this seems to break the isolation of the website for which 'ApplicationPoolIdentity' was introduced.
563
Click the Locations button and make sure that you select your computer. Enter IIS AppPool\<myappoolname> (eg: IIS AppPool\PK Protect) in the Enter the object names to select: text box. Click the Check Names button and click OK. Check Modify under the Allow column, and click OK, and OK.
Select Security tab and click Edit, then click "Add..." 9. Select OK and when you are back to the dialog for assigning permissions check the checkboxes Read & execute and Modify for user "myapplicationpool" (this is the name of the application pool).
Select the Identity list item and click the ellipsis (the button with the three dots). The following dialog appears: Select the Built-in account button, and then select the identity type ApplicationPoolIdentity from the combo box.
This ASP.NET forum answer, unacknowledged in its thread, was the solution for me. It's also low-impact: it doesn't try to re-register IIS or give the user dangerous privileges. To summarize the answer:
Enter the following command:
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Aspnet_regiis.exe -ga domain\user Substitute your domain and user for domain\user in the example above. That's all it took.
The Microsoft documentation for Aspnet_regiis.exe is here. Note that the documentation for the -ga switch refers to a bug in versions 3.5 and earlier, where it wouldn't work with local accounts. If I'm reading it correctly, domain accounts are supported for all versions and local accounts are supported starting with Framework 4.0.
Update 6 June 2017: For Windows 8 and above, consider the dism command instead. It's covered in this SO answer. Thanks to @codebrain for suggesting this.
Update 7 July 2015: @Vertigo kindly commented that this answer also worked for the NETWORK SERVICE account in .NET 2.0 under 2008R2/2012, so my disclaimer above about local accounts pre-4.0 may be wrong.
If anyone else finds that this works for a local account under .NET 3.5 or earlier, please feel free to edit my answer or to note it in the comments; it would be a great help to others who may experience this same problem.
195
I faced same problem. I checked the path c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\ looking for Temporary ASP.NET Files, but there was not any folder by this name. so I created a new folder manually and named it Temporary ASP.NET Files and problem fixed.
So ensure the mentioned path exists.
40
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
