ASP.NET Required Access Control Lists (ACLs)

The following table shows which type of access permissions ASP.NET must have in order to access the listed locations.

Location Access type Account Comments
installroot\ASP.NET Temporary Files Read/write Process or configured impersonation. This is the location for dynamically compiled files. Beneath this location, application code generation takes place in a discrete directory for each application. The root location itself can be configured using the tempDir attribute of the <compilation> section.
systemroot\assembly Read Process or configured impersonation. This is the location of the global assembly cache.
systemroot\system32 R Process Contains system DLLs loaded by the .NET Framework.
systemroot\temp Read/write/delete Process Used for web services support.
userprofile directory Read/write Process Used by the global assembly cache lock files and the common language runtime security configuration caching mechanism. If the user profile directory for the account doesn't exist, ASP.NET will use the default userprofile directory.
application directory Read Process or configured impersonation. This is the location for application files.
installroot hierarchy Read Process or configured impersonation ASP.NET must be able to access the system assemblies referenced in the Machine.config file in the config subdirectory under installroot.
Default Web Site monitoring. Read Process Used for file change notification monitoring.

See Also

ASP.NET Web Application Security