We're having trouble migrating our ASP.NET applications to Windows Server 2008 R2 x64 and IIS7.5. The problem is that our ASP.NET apps write log files, and these log files are not being written. The only way the apps write their log files is if I'm logged into the server as the local Administrator user or if I right click and run IE as Run as Administrator, neither of which is an acceptable solution for us.
Our platform is: Windows Server 2008 R2 x64 (UAC setting is the default setting) IIS7.5 ASP.NET 4.0 (using Windows authentication and impersonation, both on in web.config)
Our app gets installed to: D:[appname] [appnameWebSite] (all the .aspx, .dll, etc. files are in here) \Log (the app tries to write the log file to this folder)
On the server: Created new App Pool (name: [appname], .NET 4.0, Managed Pipeline Mode: Classic, Identity: ApplicationPoolIdentity, Load User Profile: False, all other properties are the defaults) Created IIS application pointing to D:[appname][appnameWebSite] and added it the the new App Pool (Full trust level) Have a domain user in local Administrators group
With all the configuration and default settings listed above, the ASP.NET app will not write the log file. The app appears to work fine in the browser, but no log.txt file.
To try to "fix" this issues, we've tried many things: Tried Application Pool setting: Managed Pipeline Mode: Integrated Tried Application Pool setting: Identity: NetworkService Tried Application Pool setting: Identity: LocalSystem Tried Application Pool setting: Load User Profile: True Gave Users group full control to file system for our application folder structure (tried appname folder, tried Log folder only, tried appnameWebSite and Log folders only) Gave IIS AppPool[appname] (matching the new App Pool) user full control to file system for our application folder structure (tried appname folder, tried Log folder only, tried appnameWebSite and Log folders only)
None of these things helped. Again, the app would run fine, just no log file created.
As mentioned above, the only way that the log file is created when the app runs is if we log into the server using the local Administrator account (which makes sense since he's a super user) or if we run IE as administrator and elevate privileges.
How can we resolve this?
Well, after days of trying every IIS option, user and group accounts, file system permissions, Process Explorer, etc., I think we got it working:
And success! The log file is written as expected no matter what user is using the ASP.NET application, and no matter if they're running it on the server itself or from a workstation.
I don't know if turning off Internet Explorer Enhanced Security Configuration on the server is the "correct" thing to do or if it violates any best practices, but it seems to work for us.
Does anyone have anything to add?