The first issue I ran into was that the ASP.NET Temp directory did not have permissions for NETWORK SERVICE. I know I’ve run into this with every server I’ve installed myself – for some unknown reason Microsoft does not give the proper permissions to the ASP.NET temp folder. At the very least NETWORK SERVER (or whatever account your Web application is running under) needs to be set.

Along the same lines, the West Wind Web Store *requires* that some information gets written into the local Web directory. Specifically I use configuration information that is stored in Web.Config and is updateable via the application. So the application – in some capacity needs to be able to write to web.config.

The way that I usually handle this is by setting up my Admin directory of the application which contains the logic for manipulating configuration settings, with Impersonation and then disable anonymous access. This works great usually without requiring any change of rights on the server.

However, I found out that if you do use Impersonation you also need rights in the ASP.NET Temp directory for any impersonated user. IOW, the ASP.NET temp directory really needs full rights for everyone for this scheme to work.

Anybody work with ISPs on a regular basis, that has any feedback on practices that are allowed for a hosted site? I would like to come up with some scenario that works best for ISP hosted applications.

So in short I either need:

Full access for the web.config or the  virtual altogetherfor NETWORK SERVICE (or Web app user)

Full access to the ASP.NET Temp directory for ALL users

Out of the two the second actually seems more reasonable, but obviously that setting affects all hosted sites.