Friday, June 1, 2012

Running an IIS7 site from a network drive

Running a web site, located in a network share, in IIS7 can be really tricky, as it usually ends up with IIS7 complaining about permission problem. This usually happens because IIS processes run as a different user, who is not allowed to access network shares. In this blog post it is shown how a web site can be run in the context of a user that is eligible to access a network share.

 But before we start an important note: Running a web site in the context of a privileged user may possibly entail security risks.

In this blog post the following setup is considered: a network drive with IP and share called fotiou, which is password-protected. The share has been mapped, by user User_NAME, to a network drive (Z:), windows have been configured to connect to that drive on start up, and our web site is located in Z:\wordpress.

 From the IIS7 manager console add a new web site. In our case the site is named wordpress. In the Physical path textbox insert the full URI to the website and not the mapped drive (in our case this would be \\\fotiou\wordpress), and press OK.

Now navigate in the Application Pools located above the Sites option (see the picture below)

From the Application Pools list select the newly created site (named wordpress in our example, as depicted below)

Right click and select Advanced Settings. The in the Process Model tab, edit the Identity option, by selecting the Custom account option, and by setting it to the current user, as in the picture below

Now navigate back to the Sites tree, select your web site and double click the Authentication option

Double click on the Anonymous Authentication option and select Application pool identity

Now your web site can be run without permission problems.