forms authentication, not able to save web.config programmatically

im using visual studio 2008. in my project im using forms authentication, my project structure is as follows

root
 |
 login.aspx
 home.aspx
 web.config
 admin (folder)
  |
  admin.aspx
  web.config

here in root web.config is as follows

<authentication mode="Forms">
  <forms name="Authen" protection="All" timeout="60" loginUrl="Login.aspx" enableCrossAppRedirects="true" cookieless="AutoDetect"/>
</authentication>
<authorization>
  <deny users="?"/>
</authorization>

and in inner web.config

and my users are Username Role admin1 Admin admin2 Admin user1 User user2 User

as you can see that in second web.config, i gave access to users with "Admin" role and "user1" user.

for giving access to "admin" folder, i wrote the following:

        Configuration config = WebConfigurationManager.OpenWebConfiguration("~/HR");
        SystemWebSectionGroup systemWeb = (SystemWebSectionGroup)config.GetSectionGroup("system.web");
        AuthorizationSection section = (AuthorizationSection)systemWeb.Sections["authorization"];

        AuthorizationRule newRule = new AuthorizationRule(AuthorizationRuleAction.Allow);
        newRule.Users.Add("user1");
        section.Rules.Add(newRule);

and saved the web.config as

        config.Save();

this is working fine when i run it from visual studio development server, when i host it in IIS, im getting the following error

Configuration Error Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: An error occurred loading a configuration file: Access to the path 'F:\dotnet\samples\myproj\UI\hr\f-q_g-yn.tmp' is denied.

Source Error:

[No relevant source lines]

Source File: F:\dotnet\samples\myproj\UI\hr\web.config Line: 0

here the problem is, it is not able to save the web.config

i got one solution, that is, i added

<identity impersonate="true" userName="myusername" password="mypassw开发者_StackOverfloword"/>

to root web.config and it is working fine. but my boss says that is not the correct way. what is the correct way to solve this problem ?? please help

The account your website is running under does not have permissions to write to the directory your web.config is in. There are two options how to solve that:

1. Run your website under another account which does have the required permissions. You set the account in the settings of the respective Application Pool in IIS Manager.
2. Modify the security settinsg (ACLs) of the directory/directories, and add write permissions for the user your application pool is running under.

You should probably combine both methods – use a separate user account and add the write permissions only to this account, not to e.g. Network Service.

(But note that I am not sure whether a website modifying its own web.config files is a good idea at all.)