When you create a website in IIS 7/7.5 on Windows 2008, an application pool is automatically created for it to isolate this website from others running on the same server. You should check that the application pool identity is not Network Service but ApplicationPoolIdentity instead. Now if you your web app needs to write to disk, you will need to give this worker process write permission to the directory/file that needs to be written to. Here are the steps to do that:
- Right click on the directory/file that you want the permission applied to
- Select “Properties”, then “Security”, followed by “Edit” and then “Add”
- Enter “IIS AppPool\DefaultAppPool” in the “Enter the object names to select:” text box (replace DefaultAppPool with the application pool identity for your website)
- Click on “Check Names”, then “OK”
- Next tick the checkboxes necessary for write permission and any other special permissions
That’s it.
NOTE: Only an identifier (SID) is created when an app pool is created which is added to the IIS AppPool group. This identity is not a real account and will not show in the Windows User Management Console.