Generally, when you assign specific access rights for particular Windows users to a web folder in IIS, you expect files created in that folder to automatically inherit those permissions. This work as long as the files are created directly in that folder. For eg.if you have an uploads folder where you upload files via FTP.
But it does not work in cases where files are not directly created in that folder. The best example being uploads. ASP.NET uploads are not directly created in the target folder; they generally get created in the Windows temp folder and then get moved to the destination folder. (A lot depends on the upload component used of course).
In such a case, files do not automatically inherit the permission of the destination folder they are copied to. They inherit the permission of the folders in which they are created. So if the temp folders does not allow anonymous access, then a file moved from the folder to eg. the uploads folder, will not allow itself to be accessed via the web anonymously. Most of the times accessing an uploaded file via a web page throws up a Authentication dialog box from the browser.
TheĀ way around this is to set anonymous permissions to the temp folder (or whatever folder the file is getting created in first).
So if your IIS has a Guest user account named IUSR_XXXX then IUSR_XXX needs to have permissions on both the temp folder and the destination uploads folder.
IMPORTANT: It is best not to fiddle around with default settings of the Windows temp folder. Better to create your own temp folder which will be used by your upload component.
Leave a Reply