C
CW
I have an ASP.NET application that needs to read/write from to the IIS
application directory and its subdirectories. The application is configured
to use form authentication and thus it has the following entries in
web.config:
<authentication mode="Forms">
<forms name="CommerceAuth" loginUrl="login.aspx"
protection="All" path="/" />
</authentication>
<authorization><deny users="?" /><allow users ="*"
/></authorization>
Now the application runs OK on my dev box. The ASP.Net application is able
to create file in IIS application folder and its subdirectory. However, once
uploaded to my web host, the code that generates file on the web server IIS
folder throws exception that essentially states that access to the directory
is denied.
Now my suspicion is that it has something to do with security permission
granted to accounts used by IIS and ASP.Net. If I understand the IIS/ASP.Net
architecture correctly, all anonymous requests are run in the context of
IUSR* (where * is the machine name). It is then handed off to either ASPNET
account (if IIS 5.x) or the configured worker pool account for ASP.Net
process on IIS6 (if configured or default back to ASPNET account). Thus, if
ASPNET account (or the worker pool account) has the necessary privilege to
write to the particular IIS folder, then the application should be able to
create a file in that folder. Otherwise, access would be denied.
Can someone confirm or clarify if my understanding is correct?
Thanks
application directory and its subdirectories. The application is configured
to use form authentication and thus it has the following entries in
web.config:
<authentication mode="Forms">
<forms name="CommerceAuth" loginUrl="login.aspx"
protection="All" path="/" />
</authentication>
<authorization><deny users="?" /><allow users ="*"
/></authorization>
Now the application runs OK on my dev box. The ASP.Net application is able
to create file in IIS application folder and its subdirectory. However, once
uploaded to my web host, the code that generates file on the web server IIS
folder throws exception that essentially states that access to the directory
is denied.
Now my suspicion is that it has something to do with security permission
granted to accounts used by IIS and ASP.Net. If I understand the IIS/ASP.Net
architecture correctly, all anonymous requests are run in the context of
IUSR* (where * is the machine name). It is then handed off to either ASPNET
account (if IIS 5.x) or the configured worker pool account for ASP.Net
process on IIS6 (if configured or default back to ASPNET account). Thus, if
ASPNET account (or the worker pool account) has the necessary privilege to
write to the particular IIS folder, then the application should be able to
create a file in that folder. Otherwise, access would be denied.
Can someone confirm or clarify if my understanding is correct?
Thanks