Hi,
I'm starting to think that what I need is just impossibru. But maybe you could help.
What I need
- Windows Authentication so the app knows who the user is via REMOTE_USER.
- BUT, accessing files in wwwroot under IIS APPPOOL\forgedev.
What I have :-(
- Environment is INTRANET where users are domain accounts.
- I have IIS 7.5 running on newest WinServer2008.
- I have website "forgedev" in it with Windows Authentication turned ON using NTLM provider, and Anonymous turned OFF.
- Apppool "forgedev" is running under ApplicationPoolIdentity.
- I can see w3wp.exe running under IIS APPPOOL\forgedev in Process Monitor / Task Manager.
- IIS APPPOOL\forgedev has FULL CONTROL permissions on whole wwwroot folder and on everything inside too.
- When a user accesses http://forgedev, he gets a login prompt that ends with Error 401. Permission denied.
- In Process Monitor, I see ACCESS DENIED while creating a file inside wwwroot folder, always same (my site is doing mkdir()).
BUT, when I set FULL CONTROL to \\machinename\Users on wwwroot folder, all works OK and FILE IS CREATED UNDER domain\username account, not IIS APPPOOL\forgedev account.
I looked into \\machinename\Users group, and I see there a group Domain Users. So that's why it's working. But with \\machinename\Users having write access to wwwroot, I'm giving write access to all domain users, so that's not good.
How can I do it? Thanks for any ideas!
Robert Varga