401 - Unauthorized IIS 7.5 on UNC application website

Question

I'm running win server 2008 R2 with IIS 7.5

I have an application under a website that only has anonymous authentication enabled.

The application points to a shared UNC drive.

I've created a IUSRDomain Domain account and both servers are on the same domain.

The application pool Identity is using the IUSRDomain account.

the UNC Share and File permission both give full control to the IUSRDomain account.

However when i try to make any changes to the IIS application settings, i get an error message that says:

There was an error while performing this operation.

Filename: \?\UNC\\share\webapp\web.config Error: Cannot write configuration file due to insufficient permissions

And when i try to browse an html test page i get:

401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied.

IIS log file says:

/webapp/test.html - 80 - xxx.xxx.xxx.xxx Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+en-US)+AppleWebKit/534.7+(KHTML,+like+Gecko)+Chrome/7.0.517.44+Safari/534.7 401 3 1326 22

Edit: Also i have other applications under the same website that are configured the same way and work fine.

Answer 1

You need to be sure that the account that is used to connect to the UNC path has write access to the web.config file on the network share.

IIS7 configuration saves/updates information to the web.config file, thus the error message.

Also, if your application needs to run in full trust, you will want to use CASPOL to modify the trust permissions to allow your app to run in full trust. (.NET 2.0)