Reputation: 16764
I want to programmatically set folder permissions for a user (which is an IIS application pool), like:
    using System.IO;
    using System.Security.AccessControl;

    string websiteDict = @"C:\inetpub\wwwroot\mywebsite";
    DirectoryInfo di = new DirectoryInfo( websiteDict );
    DirectorySecurity ds = di.GetAccessControl();
    // Rule is created without inheritance or propagation flags
    ds.SetAccessRule( new FileSystemAccessRule( @"IIS AppPool\myAppPool", FileSystemRights.FullControl,
        AccessControlType.Allow ) );
    di.SetAccessControl( ds );
The problem is that the user (myAppPool) added by the rule above has no rights: nothing is ticked in the Allow column (see the Security tab of the Properties dialog), even though I set full access control.
I run the executable program as administrator, but I get the same thing.
Why?
Upvotes: 3
Views: 2165
Reputation: 1088
I had the same problem - I managed to set permissions for IIS APPPOOL successfully (in my case - Modify, which I would highly recommend instead of Full Control, unless your app pool really needs to change ownership of the files inside these folders). However, when I checked it in the file system, I noticed that no checkboxes are shown for the app pool.
After taking a closer look, I noticed that there is a checkbox for Special Permissions (you have to scroll down one item in the list of permissions). Then I clicked the Advanced button, opened the permissions for my apppool and realized that it does have Modify permission, but no inheritance of rights is configured. If I set the "Applies To" field to "This folder, subfolders and files" manually, all the expected checkboxes appear where they should.
To set "Applies To" to "This folder, subfolders and files", you have to add three ACL rules, not one, like this:
    var pathToGrantRights = fs.Path.Combine(Folder, "App_Data");
    fs.Directory.CreateDirectory(pathToGrantRights);
    var acl = fs.Directory.GetAccessControl(pathToGrantRights);
    string acc = $"IIS APPPOOL\\{webapp.ApplicationPoolName}";
    // Rule 1: the folder itself
    acl.AddAccessRule(new FileSystemAccessRule(acc, FileSystemRights.Modify, AccessControlType.Allow));
    // Rule 2: inherited by subfolders only
    acl.AddAccessRule(new FileSystemAccessRule(acc, FileSystemRights.Modify, InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));
    // Rule 3: inherited by files only
    acl.AddAccessRule(new FileSystemAccessRule(acc, FileSystemRights.Modify, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));
    fs.Directory.SetAccessControl(pathToGrantRights, acl);
When you add the inheritance for folders and files in addition to the object itself, it starts working properly.
Upvotes: 2
Reputation: 17868
I checked on my server and the pools didn't show directly as groups I could use under Windows to assign.
In your case "IIS AppPool\myAppPool" may not be available to Windows as a security group. If not, it can't then apply it to permissions.
Upvotes: 0
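The points raised in the two answers above can be checked in one place. This is an added example, not code from any of the posts: it resolves the app pool identity first, grants Modify with a single rule whose combined inheritance flags correspond to "This folder, subfolders and files", then reads the ACL back to confirm the entry. The class name, method name and sample path are assumptions; it must run elevated on a Windows machine where the pool exists.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.AccessControl;
using System.Security.Principal;

static class AppPoolAcl
{
    // Both flags together with PropagationFlags.None correspond to
    // "This folder, subfolders and files" in the Advanced Security dialog.
    const InheritanceFlags Inherit =
        InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;

    public static void GrantModify(string folder, string appPoolName)
    {
        // Resolve the virtual account first; Translate throws
        // IdentityNotMappedException if the pool identity is unknown here.
        var sid = (SecurityIdentifier)new NTAccount("IIS AppPool", appPoolName)
            .Translate(typeof(SecurityIdentifier));

        var dir = new DirectoryInfo(folder);
        DirectorySecurity acl = dir.GetAccessControl();
        // Modify rather than FullControl: the pool cannot change owner or ACL.
        acl.AddAccessRule(new FileSystemAccessRule(
            sid, FileSystemRights.Modify, Inherit,
            PropagationFlags.None, AccessControlType.Allow));
        dir.SetAccessControl(acl);

        // Read the ACL back and confirm an explicit, inheritable Allow ACE exists.
        bool ok = dir.GetAccessControl()
            .GetAccessRules(true, false, typeof(SecurityIdentifier))
            .Cast<FileSystemAccessRule>()
            .Any(r => r.IdentityReference.Equals(sid)
                   && r.AccessControlType == AccessControlType.Allow
                   && (r.FileSystemRights & FileSystemRights.Modify) == FileSystemRights.Modify
                   && r.InheritanceFlags == Inherit
                   && r.PropagationFlags == PropagationFlags.None);
        if (!ok)
            throw new InvalidOperationException("Modify ACE not found on " + folder);
    }

    static void Main()
    {
        // Constructed sample values; replace with your site folder and pool name.
        GrantModify(@"C:\inetpub\wwwroot\mywebsite\App_Data", "myAppPool");
    }
}
```

The read-back compares rights with a bit mask because the stored access mask can carry the Synchronize bit in addition to Modify.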