Here's an issue with IIS 7.5 and ASP.NET that I've been researching and getting nowhere with. Any help would be greatly appreciated.
My question is: using ASP.NET in IIS 7.5, how does IIS and/or the operating system allow the web application to write to a folder like C:dump when running under full trust? How is it that I don't have to explicitly add write access for the application pool user (in this case ApplicationPoolIdentity)?
This much I know:
- In IIS 7.5, the default Identity for an Application Pool is ApplicationPoolIdentity.
- ApplicationPoolIdentity represents a Windows user account called "IIS APPPOOLAppPoolName", which is created when the Application Pool is created, where AppPoolName is the name of the Application Pool.
- The "IIS APPPOOLAppPoolName" user is by default a member of the IIS_IUSRS group.
- If you are running under Full Trust, your web application can write to many areas of the file system (excluding folders like C:Users, C:Windows, etc). For example, your application will have access to write to some folders, like, C:dump.
- By default, the IIS_IUSRS group is not given read or write access to C:dump (at least not access that is visible through the "Security" tab in Windows Explorer).
- If you deny write access to IIS_IUSRS, you will get a SecurityException when trying to write to the folder (as expected).
So, taking all of that into account, how is write access granted to the "IIS APPPOOLAppPoolName" user? The w3wp.exe process runs as this user, so what allows this user to write to a folder it doesn't seem to have explicit access to?
Please note that I understand this was probably done for the sake of convenience, since it would be a pain to grant a user access to every folder it needs to write to if you are running under Full Trust. If you want to limit this access, you can always run the application under Medium Trust. I am interested in finding out about the way the operating system and/or IIS allows these writes to take place, even though there appears to be no explicit file system access granted.