Microsoft Internet Information Server 7 / IIS 7: File Sharing on the website folder only for authorized people but allow / grant the IIS User / IIS worker process to execute ASP.NET

Problem

The SMB Mount / File Share for the web folders directory should be accessible for the admins but not for unauthorized people 

After setting the File Sharing permissions to that, the web applications shows HTTP error code 500 what means that the Microsoft IIS worker process does not have enough privileges.

Approach

To ensure, that the Microsoft IIS Server worker process has enough privileges to execute ASP.NET in the Directory and to prevent unauthorized access to the SMB Mount of the web application,the following settings should be applied

  • Add the user „Network share“ with Read/Write permissions to the folders directory
  • Configure the Application Pools identity to „Network Service“

Solution

Setting up the IIS web site folder to allow the user „NETWORK SERVICE“ to execute the IIS worker process
  • Connect to the web server via Remote Desktop Connection (RDP)
  • Right-click the folder
  • Select the tab sharing and click on the button „Share“
  • Search for user „Network Service“ and press the add button
  • Set the Permission Level „Read/Write“ to the user „Network Service“
  • Hit the apply button

Set up the application pools identity
  • Open the Microsoft IIS Server Manager
  • Select „Application Pools“ from the left side bar
  • Select the appropriate application / pool entry
  • Select „Set Application Pool Defaults“ from the right side bar
  • Search the Entry „Identity“ and press the „…“ Selector Button on the right side
  • Set the Identity to „Network Service“ to allow that user to execute ASP.NET as default user

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.