Does DefaultAppPool run with special elevated privilegs on IIS?
Posted
by Leeks and Leaks
on Stack Overflow
See other posts from Stack Overflow
or by Leeks and Leaks
Published on 2009-06-10T14:08:44Z
Indexed on
2010/04/22
19:13 UTC
Read the original article
Hit count: 373
I'm running a piece of code within a web page that queries the IIS metabase using ADSI. The code is as simple as this:
DirectoryEntry iisNode =
new DirectoryEntry("/LM/W3SVC/1/ROOT/MyAspWebsite-1-128886021498831845");
foreach (DirectoryEntry de in iisNode.Parent.Children)
{
System.Console.WriteLine(de.Name);
}
This works fine when I run the page/site under the DefaultAppPool on IIS7/W2K8. However when I create my own app pool and leave the properties the same as the default app pool, this code fails with the following error:
Caught: System.Runtime.InteropServices.COMException
Failed to parse virtual directory:
/LM/W3SVC/1/ROOT/MyAspWebsite-1-128889542757187500
System.Runtime.InteropServices.COMException (0x80070005): Access is denied.
What special privileges does the DefaultAppPool have? I don't see any documented. I need this to work in non default app pools, but without giving the entire worker process elevated privileges. I've also tried using the username and password parameters of the DirectoryEntry constructor, by using the Admin on the machine that IIS7 is running on, but that didn't change anything. I'll also note that this works fine on IIS6 and W2K3.
Any help is appreciated.
© Stack Overflow or respective owner
