Mar 01, 2019 08:16 PM|kj27|LINK
Apologies in advance for the newbie question - as this is fairly straightforward operation.
I'm trying to migrate my intranet MVC application to production. One of its features is that it allows users to upload files. This is very simple - after a user selects a file, it is saved using the HttpPostedFileBase.SaveAs() method.
The application itself has Windows Authentication enabled along with Impersonation (authenticated user). For development purposes, I was uploading to a local location and of course everything is working as expected. But for production, we've allocated space
on a network share. The Application Pool uses ApplicationPoolIdentity.
My question is which users are supposed to get permission to the shared directory? Should it be the individual Windows accounts (we can put them into an AD group to simplify management) or do we just give access to IIS_IUSRS? (I believe the latter is a security
hole). Or is there a different solution altogether?
Apologies in advance if I'm missing information needed for making an assessment - please let me know your thoughts.