How to set correct file permissions for ASP.NET on IIS

The message is clear.

Cannot read configuration file due to insufficient permissions

How to solve it.

Every ASP.NET application runs under the application pool assigned to it, and each pool runs under a specific account.

Open IIS, locate the pool under which your app is trying to run, see which user is assigned to that pool, and give that user read permissions on your full site directory tree.

Especially for the web.config

The web.config, which is the configuration file the message refers to, must also have write permissions.

So locate web.config in the root of your site, right-click it, go to permissions, and give the pool user the write capability. The pool user is the user under which the pool runs, as I explain below.

More details

To be able to run a public ASP.NET site with IIS, each file in the directory must have permissions for two accounts.

One is the account that is permitted for public access, and the other is the account assigned to that application pool.

To find or assign the first account, go to your IIS site | Authentication | Edit, and see or change it as you see on that screenshot.

Now note that name, and we are going to find the user under which the pool runs.
Go to your IIS site and click on Basic Settings to find the pool name, then go to IIS | Application Pools, look at the Identity column, and note the name of the user under which your site runs.

Now that we have the two user names, we go to the root of the site and set the minimum permissions, which is read, as

Some Notes

  • If the IIS_Public_ACCESS_USER is not given read permission, the site runs but asks for a password.
  • On some directories you also need write permissions, for example if you let your users upload images, or keep some database files in App_Data. Only for those directories do you also give write permissions to the IIS_POOL_USER.
  • Some directories, like App_Data and App_Code, have direct protection from ASP.NET, which does not allow anyone on the client side to run or view what is in there.
  • On the public directory where you allow write access to your users, add a web.config and totally disable the running of all ASP.NET files.
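
The steps above can also be scripted. The following PowerShell is an added example, not part of the original page: it looks up the two accounts for one site, grants both read on the site tree, and grants the pool user write only on the listed directories. The site name and the writable directory list are assumptions to replace with your own; it needs the WebAdministration module and an elevated prompt.

```powershell
# Added example, not from the original page. Run elevated on the IIS server.
# $SiteName and $WritableDirs are assumptions; set them for your own site.
param(
    [string]$SiteName = 'Default Web Site',
    [string[]]$WritableDirs = @('App_Data')   # relative to the site root
)
Import-Module WebAdministration

$site     = Get-Item "IIS:\Sites\$SiteName"
$root     = [Environment]::ExpandEnvironmentVariables($site.physicalPath)
$poolName = $site.applicationPool
$pm       = (Get-Item "IIS:\AppPools\$poolName").processModel

# Pool user: the Identity column under IIS | Application Pools.
$poolUser = switch ("$($pm.identityType)") {
    'ApplicationPoolIdentity' { "IIS AppPool\$poolName" }
    'NetworkService'          { 'NT AUTHORITY\NETWORK SERVICE' }
    'LocalService'            { 'NT AUTHORITY\LOCAL SERVICE' }
    'LocalSystem'             { 'NT AUTHORITY\SYSTEM' }
    default                   { $pm.userName }   # SpecificUser
}

# Public-access user: the anonymous authentication account of the site.
$prop = Get-WebConfigurationProperty -PSPath "IIS:\Sites\$SiteName" `
    -Filter 'system.webServer/security/authentication/anonymousAuthentication' `
    -Name userName
$anonUser = if ($prop -is [string]) { $prop } else { $prop.Value }
if (-not $anonUser) { $anonUser = $poolUser }   # empty = application pool identity

# Read on the whole tree for both accounts (inherited by files and subfolders).
$accounts = @($poolUser, $anonUser) | Select-Object -Unique
foreach ($acct in $accounts) {
    icacls $root /grant "${acct}:(OI)(CI)R" | Out-Null
}

# Write only where the application must store files, and only for the pool user.
foreach ($dir in $WritableDirs) {
    $path = Join-Path $root $dir
    if (Test-Path $path -PathType Container) {
        icacls $path /grant "${poolUser}:(OI)(CI)W" | Out-Null
    } else {
        Write-Warning "Skipped '$path': not a directory under the site root."
    }
}

icacls $root   # print the resulting ACL of the site root for review
```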

More to read about the directories that are given write permissions: "I’ve been hacked. Evil aspx file uploaded called AspxSpy. They’re still trying. Help me trap them‼"
