Situation:
- test website created in IIS server manager
- basic settings/connect as: Application user
- authentication/anonymous authentication/edit: application pool identity
- physical path has "IIS AppPool\DefaultAppPool" read and execute, list folder contents and read permissions (plus administrators/system with inherited full control)
- contains a single file, index.html (plus generated web.config with the above settings)
Errors:
- HTTP Error 500.19 - Internal Server Error
- Config Error Cannot read configuration file due to insufficient permissions
Questions:
- how do I make it work with app identity? (got it to work using using iusr both under anonymous auth and with rx permission on the physical folder)
- am I doing it wrong or this is indeed the best practice as most resources I've found seem to suggest?
I'd also really appreciate any good tutorials on the "basics" of IIS 7.5 - I have been unable to find answers to this specific questions on learn.iis.net and several other sites and generally found the resources available there very fragmented.
Related: IIS 7.5 web site directory permisions, Windows Server 2008 R2 - IIS7.5 - Web site permissions
Answer
If you've created the website using the usual IIS7.5 out-of-the-box defaults then your "test website" will have had an application pool created for it as well.
The default identity that the site will execute requests as is ApplicationPoolIdentity
. ApplicationPoolIdentity
is a special synthesised account that is created on the fly and represents the identity of your site's application pool.
You state:
physical path has "IIS AppPool\DefaultAppPool" read and execute
This would explain why you're getting the 500.19
error. Unless you assigned the site to the "DefaultAppPool" application pool this permission won't be doing anything useful.
You need to assign the ApplicationPoolIdentity
of the site (at least) read and execute permissions. To do this execute the following from the command line:
icacls /grant "IIS APPPOOL\"(CI)(OI)(M)
Where
is the name of the application pool that was created for your test site. You can find its name by executing:
appcmd list app /site.name:""
This will return something like and displays the name of your site's application pool (which ApplicationPoolIdentity
is named after:
APP "test site/" (applicationPool:test site)
No comments:
Post a Comment