I've got a Windows Docker container (microsoft/aspnet) that is hosting a simple Web API. The web API accepts files from a form, saves them in a temp folder, does some processing, and then returns the result.
This works fine when deployed locally, but when done in my Docker container, I get a file permissions error on my temp folder (App_Data).
Is there a way to grant the IIS user the code is running as access to this file, or to open up the folder to any user for read/write access?
Current Docker file is below:
FROM microsoft/aspnet
COPY ./Deploy/ /inetpub/wwwroot
RUN mkdir /inetpub/wwwroot/App_Data
Error message snippet I get running API from docker image:
"InnerException":{"Message":"An error has occurred.","ExceptionMessage":"Access to the path 'C:\\inetpub\\wwwroot\\App_Data\\BodyPart_481b6424-f9a5-4608-894d-406145a48445' is denied.","ExceptionType":"System.UnauthorizedAccessException"
It looks like there is a bug open on the aspnet-docker github about this same issue. [link]
In the meantime, it looks like running cacls App_Data /G IIS_IUSRS:F after starting the container fixes the issue temporarily.
Unclear why, but cacls doesn't seem to be working when run as part of building the container. Switched to using icacls, and was able to grant the IIS_USRS permissions on the folder.
Line added to dockerfile:
RUN icacls 'C:\inetpub\wwwroot\App_Data' /grant 'IIS_IUSRS:(F)'