ASP/ASP.NET Best way to handle write permissions?

Question

Say you have public ASP.NET (and Classic ASP) applications on IIS with a script/page that needs to write or update html files in a specific folder that is located within the web publishing folder tree.

What is the proper way to handle this and exactly how do you do it? (i.e. set directory permissions in IIS or windows explorer)

My main concern is that I want to let the ASP/ASP.NET apps write to a folder, but I don't want regular http users to be able to put files into it directly via HTTP PUT.

Answer 1

You'll want to set your NTFS permissions as follows:

• IUSR_<MachineName> - The anonymous user should only have READ access
• Network Service (or App Pool identity) - READ and WRITE access

With these permissions, you can most likely safely remove the Everyone and Authenticated Users accounts from the ACL as well.

More info: http://support.microsoft.com/kb/815153

Answer 2

Don't enable writing in IIS--that only speaks to HTTP PUT, not underlying filesystem permissions. Then do what gattaca said.