ApplicationPoolIdentity Does Not Have Write Permission to Asp.Net App_Data folder


Symptoms


A web application is created using Microsoft Visual Studio and then published to Microsoft Internet Information Services (IIS) 7.5.  As part of the application's request processing, it needs to write data to the App_Data folder on the server.  For example, the application uses a SQLDataSource or XMLDataSource.  When it attempts to do so, an error message similar to the following is displayed:

 

Exception Details: System.UnauthorizedAccessException: Access to the path '[path to App_Data folder]' is denied.

 

Cause


Beginning in IIS 7.5, the default identity for an application pool is ApplicationPoolIdentity.  When a web application is created using Visual Studio, the App_Data folder is not automatically configured to allow write access for ApplicationPoolIdentity.  Therefore the attempt to write to the App_Data folder will fail.

 

Resolution


To work around this behavior, grant both read and write ACL permissions to the ApplicationPoolIdentity (IIS APPPOOL\ApplicationPool) on the App_Data folder. 

 

More Information


ApplicationPoolIdentity is a Managed Service Account, which is a new concept introduced in Windows Server 2008 R2 and Windows 7.  For more information on Managed Service Accounts, please see the following link:

http://technet.microsoft.com/en-us/library/dd367859(WS.10).aspx