Can't resolve "UnauthorizedAccessException" with MVC 2 application running under IIS7

We use MVC controllers that access System.File.IO in our application and they work fine in localhost (IIS 6.0-based Cassini). Deploying to IIS7, we have problems getting the controllers to work because they throw UnauthorizedAccessExceptions.

We have done the following to try to resolve the issue: - Set NETWORK SERVICE and IUSR accounts to have permission on the files and folders in question - Ensured the App Pool is running under NETWORK SERVICE and loading the user profile - Application is running under full trust - We tried adding impersonation to web.config and giving NETWORK SERVICE write permissions (which was not a great idea because that's not what we want to do)

Now, we alternate between getting UnauthorizedAccessException and an IIS7 404 page that suggests the routes are being ignored completely (for example we serve "/favicon.ico" via a controller when the physical file actually lives a开发者_运维问答t /content/images/favicon.ico). We used ProcessMonitor to try to track down the issue but weren't successful.

UPDATE:

This issue is intermittent. We had a brief few minutes where everything worked without making any configuration changes. We're running on EC2, so this could be related to a distributed file system. We're also using a separate drive to store all web site data, we're not using inetpub/wwwroot.

UPDATE 2:

The site works without incident under IIS 7.5, with no configuration changes needed but this is likely due to running with the new AppPoolIdentity. Otherwise it's an identical deployment. Unfortunately we can't run R2 on this EC2 instance.

One of the ways to identifying the cause is using Procmon tool from Sysinternals

Procmon will show the reason for unable to open the file , it will also show who is holding the file.

The issue turned out to be the controller factory we were using not handling file requests properly.