This section describes the minimum permissions that are required for work of the application and file access.
Below are the procedures for correct work of the application:
First, you need to know which identity the application works under. By default, it is "NETWORK SERVICE" in Windows 2003 IIS 6 and windows 2008 IIS 7 or "IIS APPPOOL\DefaultAppPool" (Replace DefaultAppPool with another pool name if application works not under default pool) in Windows 2008 IIS 7.5 (64 bit).
You can check it in the IIS console:
Open the IIS console: Control panel->Administrative tools-> Internet Information Services->Expand "Default web site"
For IIS 7 and 7.5: Click the Application pools node. Check the identity the "DefaultAppPool" pool is running with. By default it is "NETWORK SERVICE" in IIS 7 or "IIS APPPOOL\DefaultAppPool" (It is real name for virtual ApplicationPoolIdentity) in IIS 7.5 (64 bit). If you running application not under default pool then user is "IIS APPPOOL\YourCustomAppPoolName" Screenshot
For IIS 6: Expand "Application pools" node and right-click the "DefaultAppPool" option. Click "Properties" in the context menu and find "Application pool identity" under "Identity" tab. By default it is "NETWORK SERVICE" Screenshot
If you still not sure which identity the application works under then run http://localhost/HTCOMNET/Diagnostics.aspx and look the "Application identity" value or at the Windows Task Manager see what user executes "w3w.exe" process.
After you have learnt about the application identity ("NETWORK SERVICE" or "IIS APPPOOL\DefaultAppPool"), you can set necessary NTFS permissions.
Note for Windows 2008 users! User "IIS APPPOOL\DefaultAppPool" exists in GUI ACL only for Windows 2008 R2 and newer. For first Windows 2008 OS it will be more easy to change account- At the "DefaultAppPool" pool settings change account to the "NETWORK SERVICE" and then set permissions for this user.
How to set permissions:
Check NTFS permissions for HTCOMNET folder and top level web.config files:
You should set NTFS "Read and execute", "Read", "List folders content" permissions for the application identity to HTCOMNET folder.
Set the same permissions for the web.config files in all top level folders (like c:\Inetpub\wwwroot\web.config) as well! Screenshot
Check NTFS permissions for "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files" and "%WINDIR%\Temp" folders:
You should also set the “NTFS "Modify" permissions for the application identity to "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files" and "%WINDIR%\Temp" folders.
Check NTFS permissions for Anonymous user to HTCOMNET folder:
You should set Read NTFS permissions for Anonymous user (by default it is IUSR or IUSR_<MACHINENAME>) to HTCOMNET folder.
Check NTFS permissions for Data folder:
You should also set NTFS "Modify" permissions for the application identity to the Data folder if you will use online Admin panel for users and folder setup. By default, the Data folder is in the HTCOMNET root but it is strongly recommended to move it outside the web server or disable the file download (See dataFolderPath key in the Web.config file)!
Check NTFS permissions for the content of the files and folders:
You should set necessary NTFS permissions for the application identity to user’s files and folders i.e. to the content that your users will have an access to. The content can be read only with the permissions or full permissions.
By default DemoFolder folder is available for users. Set full NTFS permissions for this folder’s application identity if you will use this demo folder.