IIS 7 and Above
Shared Permissions to ASPNET account
Last post Apr 06, 2011 12:37 PM by HCamper
Apr 06, 2011 12:58 AM|sravanig17|LINK
We are having fileupload functionality in our application. We need to give
shared permissions to aspnet account on the folder where we are uploading
But, when we tried to give permissions, it suggested below 4 accounts but not
the ASPNET account:
ASPNET Wiki Users
ASPNET Sharepoint Account
Please let us know how to give permissions to ASPNET account. Or, is it
sufficient if we give permissions on ASPNET Sharepoint account
Apr 06, 2011 02:46 AM|Mithil|LINK
Apr 06, 2011 04:25 AM|HCamper|LINK
FYI The ASPNET account is created and is Used in II 7.0 IIS 7.5 and is member of the Users group.
FYI The Users group is the "Standard User Account" which is modeled after "Windows XP Limited" account guidelines.
The instructions you have posted appear to be missing or assume that IUSR,IIS_USERS
are already added to the IIS Server and Web Site(s).
I suggest that you make sure that the IUSR,IIS_USERS exisit and have read,execute,list permissions for the IIS Server & Sites.
I suggest that the ASPNET account be added to the IIS Server Default Site and have read,execute,list,modify permissions.
You should check if your IIS Server is set to use "Inherit Settings" for Default Site.
A) If the setting is False or No you will have to add the ASPNET
account on a per Web Site basis.
B) If the "Inherit Settings" is True or Yes then the ASPNET will be part of any newly created
C) The special permissions for ASPNET account to modify files is a requirement for developers to create,maintain,debug Web Projects.
D) I suggest that you not-escalate the permissions for ASPNET account / user
escalation of permissions would be Full permissions. The ASPNET account is considered a "Limited User" with
the exception of Modify permissions for Developers.
E) For your application add the suggested accounts and apply permissions that are considered correct for the program.
F) Since you will be running an application you need to add all the accounts listed to be part of the Application Pool
directories & folders the required permissions are read,execute,list.
You will also need to have special permissions applied to temp folders C:\Windows\Temp and the permissions are
The special permissions allow for creating temp files when running applications or even
accessing some types of Web Pages.
The special permissions should be applied to the Application Pool directories that are C:\User\Application Pool\Temp .
G) Since your application is going to have file Upload you should create a directory "upload" and add the
accounts from above items and set the Accounts with permissions of read,execute,list,write so files can be written
to the selected directory.
The list of items / tasks may appear to be difficult but just do thing step-by-step and you find it is not so bad.
I hope this helps,
Apr 06, 2011 12:37 PM|HCamper|LINK
FYI Here http://support.microsoft.com/kb/981949/en-us which are the default Permissions and Settings
the Guide for IIS 7.0 permissions settings at Microsoft Support this can be used to set new accounts or servers .