Summary: One of our web applications requires write access to C:\Windows\Temp
. However, no matter how much I weaken the NTFS permission, procmon shows ACCESS DENIED
.
Background (which might or might not be relevant for the problem): We are using OLEDB to access an MS Access database (which is located outside of C:\Windows\Temp). Unfortunately, this OLEDB driver requires write access to the user profile's TEMP directory (which happens to be C:\Windows\Temp when running under IIS 7.5), otherwise the dreaded "Unspecified Error" OleDbException is thrown. See KB 926939 for details. I followed the steps in the KB article, but it doesn't help.
Details:
This is the output of icacls C:\Windows\Temp
. For debugging purposes I gave full permissions to Everyone
.
C:\Windows\Temp NT AUTHORITY\SYSTEM:(OI)(CI)(F)
CREATOR OWNER:(OI)(CI)(IO)(F)
BUILTIN\IIS_IUSRS:(OI)(CI)(S,RD)
BUILTIN\Users:(CI)(S,WD,AD,X)
BUILTIN\Administrators:(OI)(CI)(F)
Everyone:(OI)(CI)(F)
However, this is the screenshot of procmon:
Desired Access: Generic Read/Write, Delete
Disposition: Create
Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Delete On Close, Open No Recall
Attributes: NT
ShareMode: None
AllocationSize: 0
Impersonating: MYDOMAIN\myuser
PS: When logged in as MYDOMAIN\myuser
, I can create files in C:\Windows\Temp
using Windows Explorer without any problems.
EDIT: Relevant parts of web.config:
<authentication mode="Windows" />
<identity impersonate="true" />
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
Authentication seems to work, i.e., System.Security.Principal.WindowsIdentity.GetCurrent().Name
(which is shown on my custom error page) returns MYDOMAIN\myuser
.