Set FileSystemAccessRule for "IIS AppPool\Name" permissions fails with "Some or all identity references could not be translated"

Question

I'm programmatically cloning a git repo, compiling the source & creating a new site in IIS on an R2 2008 Windows server.

Once the site is configured I need to set the permissions for the new IIS AppPool Identity account; I'm trying to use FileSystemAccessRule :

// Set the Permissions
var dSiteRoot = new DirectoryInfo(cSiteRoot);

var oACL = dSiteRoot.GetAccessControl();
var cUser = "IIS APPPOOL\\" + cAppPoolName;

oACL.AddAccessRule(
    new FileSystemAccessRule(
        cUser, 
        FileSystemRights.FullControl, 
        InheritanceFlags.ObjectInherit, 
        PropagationFlags.InheritOnly, 
        AccessControlType.Allow
    )
);

dSiteRoot.SetAccessControl(
    oACL
);

An exception is thrown when the new instance of FileSystemAccessRule is created with the following message :

Some or all identity references could not be translated.

I wondered if the user hadn't been created; having just created & committed the AppPool & Site via ServerManager. So I tried to reference another, existing & active, IIS AppPool user. That too failed. EDIT : I mustn't have tested this correctly - see my answer below

I did wonder if I needed the machine name prepending to the string. I tried to prepend the MachineName, from System.Environment.MachineName, but that too failed with the same error.

How can I reference an IIS AppPool User to set permissions on a Folder using C#?

Answer 1

The Above C# is correct, and I was wrong, it's down to the timing.

I added a loop into that tries to set the permissions via AddAccessRule if it fails I set the thread to sleep for 50ms before trying again & so on until my timeout is reached or it's successful; in all cases it's been successful with 5 attempts.