
How to give Folder Permission for IIS User in C#?


I need to give Folder Permission for IIS User.
Actually I wrote code like this..

using System.IO;
using System.Security.AccessControl;

// Adds an access rule for Account to the ACL of the directory FileName.
public static void AddDirectorySecurity(string FileName, string Account, FileSystemRights Rights, AccessControlType ControlType)
{
    DirectoryInfo dInfo = new DirectoryInfo(FileName);
    DirectorySecurity dSecurity = dInfo.GetAccessControl();
    // An account name that cannot be resolved throws IdentityNotMappedException.
    dSecurity.AddAccessRule(
        new FileSystemAccessRule(Account, Rights, ControlType));
    dInfo.SetAccessControl(dSecurity);
}

I am calling the above method like this...

void givepermission()
{
    DirectoryInfo a = new DirectoryInfo(Server.MapPath("~/resources"));
    AddDirectorySecurity(Server.MapPath("~/"), "IUSR", FileSystemRights.FullControl,AccessControlType.Allow);
}

Locally it's working, but on the server it's not working.

Instead of IUSR I tried the following account names, but those are also not working:


IIS_IUSRS
IIS_WPG
Network Service
Everyone
etc..

Instead of IIS_IUSRS, I also tried these...

System.Environment.MachineName + "\\IIS_IUSRS"

IIS_IUSRS_System.Environment.MachineName

System.Environment.UserDomainName + "\\IIS_IUSRS"

etc..

But this is also not working; it's throwing "Some or all identity references could not be translated".

Note: I don't want to set the permission manually.

Can someone please help me with this?


Solution

  • Based on the Application Pool Identities article:

    IIS introduces a new security feature in Service Pack 2 (SP2) of Windows Server 2008 and Windows Vista. It's called Application Pool Identities. Application Pool Identities allow you to run Application Pools under a unique account without having to create and manage domain or local accounts. The name of the Application Pool account corresponds to the name of the Application Pool.

    Here's a good explanation of what happens:

    In Windows 7, IIS application pool isolation was taken yet to a different level. The new change introduced in IIS7 (Windows Server 2008) was a new option to run your application pool as AppPoolIdentity. However, the default for an application pool identity in IIS7 remained the same – NetworkService. In IIS7.5, AppPoolIdentity becomes a default. Thus, scripts previously expecting permissions for their application pool identity to be set to “NT Service\NetworkService” will now have to set permissions (ACLs) for “IIS AppPool\” – the user account created for each new application pool.

    Thus, to set permissions for the DefaultAppPool, the scripts will need to set ACLs for “IIS AppPool\DefaultAppPool”.
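The approach described in this answer, as an added example that is not part of the original post: it resolves the application pool identity to a SID first, so a wrong name fails with a clear message, then grants rights on one folder only. The class name `AppPoolFolderAcl`, the method `Grant`, the sample path and the choice of `Modify` instead of `FullControl` are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

public static class AppPoolFolderAcl   // hypothetical helper, not from the original post
{
    // appPoolName is the IIS application pool name, e.g. "DefaultAppPool".
    public static void Grant(string folder, string appPoolName, FileSystemRights rights)
    {
        // The "IIS AppPool" prefix takes the place of a machine or domain name.
        var account = new NTAccount(@"IIS AppPool\" + appPoolName);

        IdentityReference sid;
        try
        {
            // Resolve the name up front; an unknown account fails here rather than
            // later inside the ACL calls.
            sid = account.Translate(typeof(SecurityIdentifier));
        }
        catch (IdentityNotMappedException ex)
        {
            throw new ArgumentException(
                "Account '" + account.Value + "' could not be resolved on this machine.", ex);
        }

        var dInfo = new DirectoryInfo(folder);
        DirectorySecurity dSecurity = dInfo.GetAccessControl();

        // Apply to this folder and let subfolders and files inherit the rule.
        dSecurity.AddAccessRule(new FileSystemAccessRule(
            sid, rights,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None,
            AccessControlType.Allow));

        // The calling account must itself be allowed to change permissions on the
        // folder; otherwise this throws UnauthorizedAccessException.
        dInfo.SetAccessControl(dSecurity);
    }

    public static void Main()
    {
        // Constructed sample values: the path and pool name are placeholders.
        Grant(@"C:\inetpub\wwwroot\MySite\resources", "DefaultAppPool", FileSystemRights.Modify);
    }
}
```

Granting `Modify` on the one folder the site writes to keeps the application pool identity from being able to rewrite the rest of the web root, which `FullControl` on `~/` would allow.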