IIS7 folder permissions for web application

Question

I am using windows authentication without impersonation on my company's intranet website with IIS7.

Under IIS7, what account is used to access the folder which contains my web app using these settings?

Would it be IIS_IUSRS? Or NETWORK SERVICE? Or another I don't know about?

Answer 1

In IIS 7 (not IIS 7.5), sites access files and folders based on the account set on the application pool for the site. By default, in IIS7, this account is NETWORK SERVICE.

Specify an Identity for an Application Pool (IIS 7)

In IIS 7.5 (Windows 2008 R2 and Windows 7), the application pools run under the ApplicationPoolIdentity which is created when the application pool starts. If you want to set ACLS for this account, you need to choose IIS AppPool\<yourpoolname> instead of NT Authority\Network Service.

Answer 2

http://forums.iis.net/t/1187650.aspx has the answer. Setting the iis authentication to appliction pool identity will resolve this.

In IIS Authentication, Anonymous Authentication was set to "Specific User". When I changed it to Application Pool, I can access the site.

To set, click on your website in IIS and double-click "Authentication". Right-click on "Anonymous Authentication" and click "Edit..." option. Switch from "Specific User" to "Application pool identity". Now you should be able to set file and folder permissions using the IIS AppPool\{Your App Pool Name}.

Answer 3

If it's any help to anyone, give permission to "IIS_IUSRS" group.

Note that if you can't find "IIS_IUSRS", try prepending it with your server's name, like "MySexyServer\IIS_IUSRS".

Answer 4

Running IIS 7.5, I had luck adding permissions for the local computer user IUSR. The app pool user didn't work.

Answer 5

Worked for me in 30 seconds, short and sweet:

1. In IIS Manager (run inetmgr)
2. Go to ApplicationPool -> Advanced Settings
3. Set ApplicationPoolIdentity to NetworkService
4. Go to the file, right click properties, go to security, click edit, click add, enter Network Service (with space, then click 'check names'), and give full control (or just whatever permissions you need)

Answer 6

1. Working on IIS 7.5 and Windows 7 i couldnt give permission APPPOOL/Mypool
2. IUSR and IIS_IUSRS permissions not working for me

3. I got to problem this way:

   -Created console application with C#
   -This appliaction using createeventsource like this

   if(!System.Diagnostics.EventLog.SourceExists(sourceName)) System.Diagnostics.EventLog.CreateEventSource(sourceName,logName);

   -Build solution and get .exe file

   -Run exe as administator.This create log file.

NOTE: Dont remember Event viewer must be refresh for see the log.

I hope this solution helps someone :)

Answer 7

Read/Write permission for Web host application using IIS follow following step:-

1)Check the Application pool for the Site

2)Go to Application Pool and Check the Identity of the Site.

3)Explorer the Site and go to the main folder and right-click on that folder.

4)Go to Security Tab and click on the Edit button and then click on the user Identity and below you can see the multiple check box options which you want to provide permission for authenticated users after selecting the check box click on save.