I am experiencing assembly binding failures due to insufficient permissions to the Temporary ASP.NET Files folder.
The application uses (web.config) Forms authentication with Impersonate = True and IIS Windows Integrated Authentication.
According to the ASP.NET Identity Matrix, this means that the WindowsIdentity resolves to Domain\UserName, and according to ASP.NET Required Access Control Lists (ACLs), the WindowsIdentity requires read/write permissions to the Temporary ASP.NET Files folder.
Using the Fusion log viewer, I can confirm that the assembly binding failure is due to Domain\UserName (belonging to the "Users" group in security) only having read permissions to this folder, but not write permissions.
The questions are:
1. Are there any security implications of assigning write permissions to the Temporary ASP.NET Files folder?
2. Is such a server configuration change commonly used? If not, why would WindowsIdentity resolve to Domain\UserName for this combination of web.config settings - or should this combination not be used in this context?
Note: The problem only occurs if a non-admin user is the first to hit the page. If the assembly has already been compiled and stored in Temporary ASP.NET Files due to an admin user hitting the page, there are no problems for subsequent users. I do NOT wish to place the assemblies in the GAC.
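
An added example, not part of the original post: a PowerShell audit that lists every access control entry on each Temporary ASP.NET Files folder and marks the ones carrying write-type rights, so the ACL can be compared before and after any permission change. The folder location under `%windir%\Microsoft.NET` is an assumption (the default .NET Framework install path); the post does not state it.

```powershell
# Added example, not from the original post.
# Assumption: .NET Framework lives in the default location under %windir%.
$pattern = Join-Path $env:windir 'Microsoft.NET\Framework*\v*\Temporary ASP.NET Files'

# Specific rights that allow creating or changing files in the folder.
$writeBits = [int]([System.Security.AccessControl.FileSystemRights]::WriteData -bor
                   [System.Security.AccessControl.FileSystemRights]::AppendData)

# Inherit-only entries can carry raw generic access bits instead of
# specific rights: GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$genericBits = 0x40000000 -bor 0x10000000

$report = foreach ($dir in Get-Item -Path $pattern -ErrorAction SilentlyContinue) {
    foreach ($ace in (Get-Acl -LiteralPath $dir.FullName).Access) {
        $rights = [int]$ace.FileSystemRights
        [pscustomobject]@{
            Folder      = $dir.FullName
            Identity    = $ace.IdentityReference.Value
            Type        = $ace.AccessControlType   # Allow or Deny
            WriteRights = (($rights -band $writeBits) -ne 0) -or
                          (($rights -band $genericBits) -ne 0)
            Inherited   = $ace.IsInherited
            Rights      = $ace.FileSystemRights
        }
    }
}

if (-not $report) {
    Write-Warning "No folder matched $pattern"
} else {
    $report | Sort-Object Folder, Identity | Format-Table -AutoSize -Wrap
}
```

Read `WriteRights` together with `Type`: a Deny entry with write bits removes write access rather than granting it, and an identity's effective access also depends on the groups it belongs to.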