0

I want to check whether IUSER group has write permission on a folder or not via code. In order to test that I manually gave the write permission to IUSR group on my folder:

enter image description here

Here is the code I have written to check that:

<%@ Page Language="C#" %>

<%@ Import Namespace="System.Collections.ObjectModel" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Security.Principal" %>
<%@ Import Namespace="System.Security.AccessControl" %>



<script runat="server">

    protected void Page_Load(object sender, EventArgs e)
    {

        try
        {
            string FilePath = @"D:\\Shared";

            FileSystemSecurity security;
            if (File.Exists(FilePath))
            {
                security = File.GetAccessControl(FilePath);
            }
            else
            {
                security = Directory.GetAccessControl(Path.GetDirectoryName(FilePath));
            }


            foreach (AccessRule rule in security.GetAccessRules(true, true, typeof(NTAccount)))
            {
                Response.Write("<br/>");
                Response.Write(string.Format("Identity = {0}; Access = {1}",
                               rule.IdentityReference.Value, rule.AccessControlType));
            }


        }
        catch (Exception ex)
        {
            Response.Write(ex.Message);
        }

    }



</script>

Here is the output: enter image description here

As you can see the IUSR group is not coming in that list.

My question here is that what I missing which is preventing that IUSR group to come in that list.

Do I need to add some special check to check IUSR permission?

divibisan
  • 11,659
  • 11
  • 40
  • 58
Raghav
  • 8,772
  • 6
  • 82
  • 106

1 Answers1

0

There is an helpful post at Server Fault regarding this one. The main reason is that Under IIS 7.5 (and optionally in IIS 7) all workers run with Application Pool Identity: user "IIS AppPoolPoolName" which is the reason why IUSR group won't come in the list.

I'd recommend to check for the apppool group rather then IUSR. Then try to get the specific user, rather than the group and check read and write permissions, if you succeed in this test, you are okay.

check this post for reference as well.

Barr J
  • 10,636
  • 1
  • 28
  • 46