I'm trying to get an ASP.NET Web API application running on IIS7.5. I've added an application tot the default web site for it. It's running in the DefaultAppPool, with anonymous authentication enabled and ASP.NET impersonation disabled. The Web API works fine: I can run it and it returns results.
However, when I call an operation that is supposed to return an image, I get a System.UnauthorizedAccessException. I figured it's just an authorization issue, so I went to the file's security dialog and gave the IIS AppPool\DefaultAppPool user full control. This did not work. I then tried to give Everyone full control on the file, but I still got the exception.
I'm at a loss. What could be going on here?
I've since found the solution... but I'm not sure why. Rather than going to the folder properties > Security > Edit... > Add... > and adding IIS AppPool\DefaultAppPool I went to the folder and chose properties > Advanced... > Change Permissions... > Add.. and added the IIS AppPool\DefaultAppPool user there. What's the difference between those two methods?