Permissions issue when trying to read/write file in ASP.NET application

Question

We have a .net web application. The web application is setup in IIS and runs under an AppPool which runs under Domain\User1

This web application has C#.NET code that makes access to a file on server. Problem is that only Domain\User2 has rights to this file for read/edit.

We know that the .NET code will run under the credentials of the AppPool account (that is: Domain\User1). Hence if we try to read/write file in .NET code of the web application, then it will throw error.

What is the possible approaches I can use so that I can access this file? I am not allowed to change the AppPool user as per our company policy. If this was possible then the code could access/write to the file. Also, I cannot change the permission of the file and allow Domain\User2 access to it again because of company policy.

What other option do I have?

Can I run only the file read/write part of code as Domain\User2 via .NET code?

Answer 1

Better you can go with 'WindowsAuthentication' in IIS , this will help you access WindowAccount in your web application . Also you are able to restrict user respect to UserGroup, User type,etc

Answer 2

Impersonation won't work in your case either as you are "allowing access to asp.net running as the first user and you indicate that this is prohibited by corporate policy. The solution is twofold:

• explain the need to your manager and get approval
• add an acl to the file so that the app pool user can write to the file

An alternative would be to set up a service account that no user has access to and use that to access the file in question.

Answer 3

Did you think about writing a service for file upload/download? It can run on server where only Domain\User2 has rights to access files.