Often, out of sheer desperation, I will end up enabling "Everyone" access on a folder that a web app is accessing (perhaps for file creation, reading, etc.) because I can't figure out which user account to enable access on.

Obviously, this is a very bad thing to do.

Is there a way to determine what account IIS is using at that exact moment to access folders (and perhaps other resources like SQL Server, etc)?

Are there logs I can look at that will tell me? Or perhaps some other way?

I usually use Windows Auth without impersonation. Not sure if that information is relevant.

A: 

If you don't use impersonation, the application pool identity is used in most cases, but accessing SQL Server and UNC files is slightly different.

This MSDN article has all the information in one place, but you really need to spend a lot of time on it in order to digest every detail:

http://msdn.microsoft.com/en-us/library/ms998351.aspx

Lex Li
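
One way to resolve the application pool identity described in the answer above and grant folder access to it instead of "Everyone", as an added example that is not part of the original answer. The site name and folder path are constructed; it assumes no impersonation, the IIS WebAdministration module and an elevated PowerShell prompt.

```powershell
# Added example. Constructed names: adjust the site and folder to your own.
Import-Module WebAdministration

$siteName = 'Default Web Site'               # assumption: your site name
$folder   = 'C:\inetpub\wwwroot\uploads'     # assumption: folder the app writes to

# 1. Find the application pool serving the site and its configured identity.
$poolName = (Get-Item "IIS:\Sites\$siteName").applicationPool
$model    = (Get-Item "IIS:\AppPools\$poolName").processModel

$account = switch ($model.identityType) {
    'ApplicationPoolIdentity' { "IIS AppPool\$poolName" }
    'NetworkService'          { 'NT AUTHORITY\NETWORK SERVICE' }
    'LocalService'            { 'NT AUTHORITY\LOCAL SERVICE' }
    'LocalSystem'             { 'NT AUTHORITY\SYSTEM' }
    'SpecificUser'            { $model.userName }
}
"Pool '$poolName' runs as: $account"

# 2. Show what the folder ACL currently grants to Everyone and to that account.
$acl = Get-Acl -Path $folder
$acl.Access |
    Where-Object { $_.IdentityReference.Value -in @('Everyone', $account) } |
    Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited

# 3. Grant Modify to the pool identity only, then drop explicit Everyone entries.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $account, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
$acl.Access |
    Where-Object { $_.IdentityReference.Value -eq 'Everyone' -and -not $_.IsInherited } |
    ForEach-Object { [void]$acl.RemoveAccessRule($_) }
Set-Acl -Path $folder -AclObject $acl
```

Inherited "Everyone" entries are left in place by step 3; those have to be removed on the parent folder where they are defined.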
A: 

Another more general approach would be to use a tool like Process Monitor and add a path filter for anything that starts with the root of the website (i.e. c:\inetpub\wwwroot). You then have to add the Username as a column by right-clicking on the column headers, but once you do that the w3wp.exe process should show up whenever you try to access the website and it will show which user account is being used. This technique should work with all file access permission issues.

Greg Bray
+1  A: 

Use Sysinternals Process Monitor to see what is actually happening.

http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

ggonsalv