Right click the physical folder that contains the application. Select properties. Then the security tab. Click Edit. Click the Add button. Enter the application pool identity for you application. If you did not specify an identity then the default identity is the name of the application.
IIS APPPOOL\name.of.your.application
Select the authorization your application pool needs. For example, if you are writing files to the physical folder then you need read/write. If your application writes file to other locations on disk then that folder needs read/write as well. In the later case you should consider creating a service account with least privileges. Use the service account as the application pool identity.
Network Services or Local Services might be an option depending on how your application works.
Access Control Overview
Service Accounts
If you are not sure what the identity is, then open IIS Manager. Open the application pools. Find the application pool for your application, right click, select advanced. settings. Then find the Identity property.
keep in mind, you posted this under asp.NET MVC but you question is related to IIS or Windows security.