Determine which account uses IIS 7 to access folders (and other resources)

Question

Determine which account uses IIS 7 to access folders (and other resources)

Often out of sheer despair, I get access to "Everyone" in the folder that the web application accesses (possibly to create a file, read, etc.), because I cannot figure out which user account to allow for access.

Obviously, this is very bad.

Is there a way to determine which IIS account is currently being used to access folders (and possibly other resources such as SQL Server, etc.)?

Are there any magazines I can look at that tell me? Or maybe in some other way?

I usually use Windows Auth without impersonation. Not sure if this information is relevant.

+3

asp.net iis-7 permissions acl

Andrew Apr 08 '10 at 4:17

source share

3 answers

If you do not use impersonation, in most cases the application pool identifier is used, but access to SQL Server and UNC files is slightly different.

MSDN , , ,

http://msdn.microsoft.com/en-us/library/ms998351.aspx

+1

Lex Li 08 . '10 5:23

Use the Sysinternals Process Monitor to find out what is actually happening.

http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

+1

ggonsalv Apr 08 '10 at 5:29

source share

Greg bray · Accepted Answer · 2010-04-08T05:28:58+0000

Another more general approach would be to use a tool like Process Monitor and add a path filter for everything that starts at the root of the site (i.e. c: \ inetpub \ wwwroot). Then you need to add the username as a column by right-clicking on the column headers, but as soon as you do this, the w3wp.exe process should appear while trying to access the website, and it will show which user account is being used. This method should work with all file access issues.

Determine which account uses IIS 7 to access folders (and other resources)

More articles: