Is it necessary to grant an application pool identity a read permission on the web folder?
I always grant application pool identities a write-only permission on the web folder.
However, some people grant them a read-write permission.
The question is
Is it necessary to grant an application pool identity a read permission on the web folder? Does granting a write permission suffice?
Edit 1
Up to now, I have not got any problem by granting write-only permission.
Could you give a case where read permission is needed?
Edit 2
I have a data.txt
in App_Data
folder and in my action method I have codes as 开发者_如何转开发follows:
using (StreamReader sr = new StreamReader(Server.MapPath("~/App_Data/data.txt")))
{
string text = sr.ReadToEnd();
// do more things here.
}
So far so good.
Edit 3
I have a folder Content
containing a bunch of pdf files. Users still can download them.
Nice write up here: Why can I upload a file without IIS Write Permission?
"Read" access controls whether the HTTP GET verb is allowed.
"Write" access controls whether HTTP PUT verb is allowed.
Pretty sure you need Read access to get the web.config file.
Depends on your security.
Just had to grant a AppPool identity Read access to it could grab a web.config. Not positive if I've ever had to do this in the past but granting read access fixed my problem.
Never had to set write before.
精彩评论