IIS permissions issues for IUSR guest account

I have a website that I moved from the current web host to our in house server.  It utilizes asp pages and Access databases.  When testing, it will not allow the IUSR_Servername internet guest account to access the index.asp page unless I give it WRITE permissions on the wwwroot folder.  Since I wouldn't think that the WRITE permission is generally recommended to give to anonymous users, how do I resolve this issue?  What are the recommended security settings in general for asp pages?
LVL 2
bleujaegelAsked:
Who is Participating?
 
Abh4ITConnect With a Mentor Commented:
Hi,

Yes you should not provide write access to anonymous users. What you should do is in your asp page you should authenticate/imporsonate as another user who has enough permissions. When working on ASP.NEt this is better since you can provide required rights to ASPNET user.

Hope this helps
0
 
bleujaegelAuthor Commented:
So I should give read to IUSR and write to the ASPNET user and it should work?
0
 
pcsmitpraConnect With a Mentor Commented:
Read only for IUSR, If you are running IIS 6 then add NETwork Service and give it Execute access. Add ASPNET in case of IIS5.
0
 
bleujaegelAuthor Commented:
I tried the network service with execute (even tried FULL), but page would not display.  I stripped down the permissions to start over, and now I have:

administrators: FULL
IIS_WPG: Read & Execute, List folder contents, and read
Internet Guest Account IUSR_Servername: Read & Execute, List folder contents, read, and write
SYSTEM: FULL
Users: Read & Execute, List folder contents, and read

Still as soon as I take the WRITE permission away from the Internet Guest Account IUSR_Servername, then the .asp page won't display and gives an error.

I like the idea of impersonating a user, so I'll try that next, but don't know the syntax of how to set that up.  I'll give it a google.
0
 
jandelbasanalCommented:
Kindly check the IIS settings first if you allow or specify execute permissions.You can check also configuration if asp extension has been added.I guess this a security related settings you encountered.

Can you create just a simple asp scripts on other folder?this is just to verify your IIS running fine with asp.Pls do check also folder security permissions on local drive or home folder.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.