The current identity (NT Authority/Network Service) does not have write access to

Question

I developed a simple web application. A label and a button. On click of Button, the label will display Hello World.

When I deploy this web application on my web server

Answer 1

I ran into this error while replacing my domain server at home that hosts a bunch of websites, mostly data collection services for temperature etc. It also runs SSRS that I use to produce charts. I built new hardware and demoted the old box. It is no longer a DC, but a regular member of the domain. When I moved a website to the new server and tried to hit it, I got this error.

Running aspnet_regiis did not change anything. Now it turns out that the site calls the Reporting Services web service that still pointed to the old server, and that the error message is actually coming from the demoted former domain controller. I had to run aspnet_regiis -i on the old server!

Takeaways:

1. Demoting a PDC can cause the permissions to get messed up, resulting in this error
2. The error may not come from your local machine - look beyond the obvious!

Answer 2

One thing I would check when you are give permission to the Temporary ASP.NET folder using Folder Properties->Security option is if your are giving setting permission for right Network Service account. This can happen if the Network Service user the dialog is finding is for different location and not the local instance.

Answer 3

I changed the Identity of the application pools to use LocalSystem account as opposed to Network Service. Recycled the Application pools and everything was ok. This resolved it for me. I think there is an underlying issue with the "Network Service" on my server as I had problems with SQL using this account. Again just used LocalSystem during the install to get passed that also.

Answer 4

Eugene, You can get it working with high enough privilege like LocalSystem, but keep in mind that LocalSystem has administrator privileges on the local server and can also access network resources under the computer account, so if you application gets exploited, the attacker can get access to a lot of resources. Network Service on the other hand is just a user account on the local server and is also accessing network resources in the computer account context.

Answer 5

This worked for me, didn't try the -ga:

Navigate to

C:\Windows\Microsoft.NET\Framework\v2.0.50727 

and type the following command

aspnet_regiis -i

Answer 6

I had to set the Application Pool identity to NETWORKSERVICE And then add the user connecting to my website (the user you 'connect as' in IIS settings under Basic Settings for your website) to the IIS_IUSRS group