Hi
I have a website running on IIS7 using Forms Authentication. Authenticated users can visit a downloads page that lists the contents of a shared folder on the same server. Currently this contains one test document, a txt file. I have removed all file permissions from the folder except Administrators, the Application Pool Identity and the local IIS_IUSRS account.
I can log in as a user, browse to the list of files and open the text file. However, any user, authenticated or not, can access the shared folder directly from their computer by using the UNC path because the local IIS_IUSRS account seems to contain the Domain Users security group.
If I remove the IIS_IUSRS account then users can no longer access the share via UNC path, as desired. However, authenticated users can no longer open the files from their browsers. As soon as they click on the link to open the file they receive a dnserror.htm page.
To which system account do I need to grant access to the shared folder in order that IIS be allowed to access the folder and serve it to the user?
Thanks,
Matt