Folder access by ASP.Net application

From: CW (CW_at_nospam.com)
Date: 09/04/04

  • Next message: ranganh: "RE: Help needed in Web.config" 
    Date: Sun, 5 Sep 2004 01:41:22 +1000

    I have an ASP.NET application that needs to read/write from to the IIS
    application directory and its subdirectories. The application is configured
    to use form authentication and thus it has the following entries in
    web.config:
        <authentication mode="Forms">
                <forms name="CommerceAuth" loginUrl="login.aspx"
    protection="All" path="/" />
            </authentication>
            <authorization><deny users="?" /><allow users ="*"
    /></authorization>

    Now the application runs OK on my dev box. The ASP.Net application is able
    to create file in IIS application folder and its subdirectory. However, once
    uploaded to my web host, the code that generates file on the web server IIS
    folder throws exception that essentially states that access to the directory
    is denied.

    Now my suspicion is that it has something to do with security permission
    granted to accounts used by IIS and ASP.Net. If I understand the IIS/ASP.Net
    architecture correctly, all anonymous requests are run in the context of
    IUSR* (where * is the machine name). It is then handed off to either ASPNET
    account (if IIS 5.x) or the configured worker pool account for ASP.Net
    process on IIS6 (if configured or default back to ASPNET account). Thus, if
    ASPNET account (or the worker pool account) has the necessary privilege to
    write to the particular IIS folder, then the application should be able to
    create a file in that folder. Otherwise, access would be denied.

    Can someone confirm or clarify if my understanding is correct?

    Thanks

  • Next message: ranganh: "RE: Help needed in Web.config"