ASP.NET - Reading and writing to the file-system, outside the application

Question

Is there a way to access the file-system outside of the current ASP.NET application, without going around giving IIS_IUSRS permissions? For example, if I wanted

Answer 1

You can also setup your AppPool to run under an account with the appropriate credentials.

Answer 2

You can do this using impersonation, but I would urge you not to do this. You're getting into very risky areas as far as security is concerned. If you're not 100% sure of the access permissions of the identity you are impersonating, then you run the very real risk of allowing hackers to get at areas of your server that you did not intend. Setting up ACL's properly is time consuming, and you do NOT want to just use an administrative or super user. You'd want to set up a user specifically for this purpose, and if you're doing that, you're just adding a step to what you're already doing.

A better solution would be to design your app to write to a folder that your application controls. Your installation can create the folder on the machine and grant permissions automatically, rather than relying on an existing system folder.

http://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_impersonationdelegation