ASP.NET Required Access Control Lists (ACLs)
The following table shows which type of file and folder permissions the identity of an ASP.NET Web application must have in order to function properly. Some permissions are required only by the account that the ASP.NET process is running as, while others are required by any impersonated account also. For more information, see ASP.NET Impersonation.
Location |
Access type |
Account |
Comments |
|---|---|---|---|
%SystemRoot%\Microsoft.NET\Framework\versionNumber\Temporary ASP.NET Files |
Read/write |
Process or configured impersonation. |
This is the location for dynamically compiled files. Beneath this location, application code generation takes place in a discrete directory for each application. You can configure the root location using the tempDir attribute of the <compilation> configuration section. |
%SystemRoot%\assembly |
Read |
Process or configured impersonation. |
This is the location of the global assembly cache (GAC). |
%SystemRoot%\System32 |
Read |
Process |
Contains system DLLs loaded by the .NET Framework. |
%SystemRoot%\Temp |
Read/write/delete |
Process |
Used for Web services support. |
User profile directory |
Read/write |
Process |
Used by the GAC cache lock files and the security configuration caching mechanism of the common language runtime. If the user profile directory for the account does not exist, ASP.NET uses the default user profile directory. |
Web application directory |
Read |
Process or configured impersonation. |
This is the location for application files. |
Web application directory\App_Data |
Read/write |
Process or configured impersonation. |
This is the default location for data files in an ASP.NET Web application. If your application uses the App_Data subdirectory, the ASP.NET process must be able to write to the directory and for some databases, to be able to create temporary files in the subdirectory. |
%SystemRoot%\Microsoft.NET\Framework\version and subdirectories |
Read |
Process or configured impersonation |
ASP.NET must be able to access the system assemblies referenced in the Machine.config file in the CONFIG subdirectory under %SystemRoot%\Microsoft.NET\Framework\version\. |