What File permissions should I set when hosting an ASP.NET project in IIS 7?

I'm looking for a guide on how to set f开发者_如何学JAVAile permissions for hosting an ASP.NET project in IIS 7.

Full access rights for all files in the project directory to everyone works, but I guess this is not a good idea?

Thanks for your help in advance!

Take a look at the "In Practice" part of my answer to this question:

What are all the user accounts for IIS/ASP.NET and how do they differ?

You should prefer to use "Application Pool Identity" on with IIS7:

Application Pool Identities

IIS 7 has some pretty good security around the \inetpub directory already. When adding a site the default id that the worker processes execute under already have all of the permissions necessary.

The only real reason to change these is if you are allowing file uploads to be saved to disk. At which point you are better off creating a directory outside of your site structure and using a virtual directory to point to it.

However, some applications like DotNetNuke, require the worker process to have read/write permissions on the site files themselves, including the web.config. This is generally a very bad idea.