How to resolve error "The current identity (IIS APPPOOL...) does not have write access to " error

Hi,

Yesterday I was just playing with some small site that I've created and published from Visual Studio when I bumped into this error:

The current identity (IIS APPPOOL\cc) does not have write access to
'C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files'.

I started looking around and I've seen some people complaining about the same issues, but none that is specifically about the problem that I was encountering. I was sure it has something to do with the access to the folder, but looking through all the settings for the website in in IIS Manager I dind't find any that could be the culprit. But luckly I started looking a bit at the settings for the application pool that's corresponding to my site and I noticed that it's running under the "ApplicationPoolIdentity" Identity. I thought it might be worth it to give it a try by running it under NetworkService. And guess what?!? That completely solved my problem.

Here's a step by step explanation of how I got the error and what I did to fix it:

I've developed my website in VS2010, I went to the site in the solution view, right click select "Publish Web Site"

After getting the binaries on the drive I've went in IIS and created the actual website:

After doing this I happily browsed to my site, which blew up on me...


Server Error in '/' Application.


The current identity (IIS APPPOOL\mywebsite) does not have write access
to 'C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET
Files'.

Description:
An unhandled exception occurred during the execution of the current web
request. Please review the stack trace for more information about the error and
where it originated in the code.
Exception Details:
System.Web.HttpException: The current identity (IIS APPPOOL\mywebsite) does
not have write access to
'C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files'.


And here's how to get rid of this error: 

  • Go to IIS Manager
  • Open the Application Pools
  • Select the pool corresponding to your website (most of the time it will have the same name as the website)
  • Select "Advanced Settings"
  • You will see that the app is running under the "ApplicationPoolIdentity" Indetity
  • Change that to "NetworkService" identity

Well folks, there you have it, hopefully this will save a poor soul a couple of hours of digging :)

Let me know if this solution worked for you or not,
Ionutz

Comments

  • Anonymous
    June 11, 2013
    Saved me some time . Thanks

  • Anonymous
    September 06, 2013
    Really? When creating a new App Pool, it creates a new identity with the name of the App Pool. One of the design goals of IIS 7 is isolation, and this behavior supports this goal. By changing identity to NetworkService you are undermining security and isolation. I wonder if your employer would stand by your advice. It seems to me this is a bug with IIS.

  • Anonymous
    October 08, 2013
    Thanks

  • Anonymous
    November 18, 2013
    I would suggest to check ACL on mentioned folder first, in may case some legacy GPO changed ACL so IIS_IUSRS wasn't included...

  • Anonymous
    April 12, 2014
    I do not agree this is a solution even.

  • Anonymous
    August 08, 2014
    Unfortunately it does not work for me. I use VS 2013 to code in ASP.NET 4.5.

  • Anonymous
    September 24, 2014
    Some cases 'Local System' needs to be used

  • Anonymous
    November 24, 2014
    This solution didn't worked for me.