IIS: How to Use Windows Authentication with Minimal Permission Granted to Disk

When running an IIS site using Windows Authentication, is there a way to let the Application Pool account access files on disk instead of the logged-in user? Unless you work with these permissions often, it may be difficult to understand the situation well, so let us elaborate.

To have a properly secured server, use the principle of least privilege. It means that you grant only what is required to enable a service to work, and nothing more. If you do this, then you have a tight list of permissions on disk for your website.

However, the difficult part is when you use Windows Authentication rather than anonymous authentication to grant access to a website, or a part of a website.

So in this article, we’ll show you how to use Windows Authentication with Minimal Permissions granted to disk.
