How to Change the Location of Temporary ASP.NET Files Directory in IIS to Resolve Permission Issues



When you change the application pool identity in IIS 7.5+ to a domain user account, you might encounter this common error:

The current identity (domain\username) does not have write access to 
'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files'

While you could simply grant write permissions to the default directory, there's a more maintainable solution: relocating the temporary files folder.

The ASP.NET compilation system uses this directory for temporary storage of compiled assemblies. You can customize its location through the compilation element in web.config or machine.config.

For application-specific configuration (web.config):

<configuration>
  <system.web>
    <compilation tempDirectory="D:\CustomTempASP.NET\MyApp" />
  </system.web>
</configuration>

For server-wide configuration (machine.config):

<configuration>
  <system.web>
    <compilation tempDirectory="D:\ASP.NET_Temp\{0}\{1}" />
  </system.web>
</configuration>

You can use environment variables or special tokens in the path:

<compilation tempDirectory="%TEMP%\ASP.NET\{0}\{1}" />

The {0} and {1} placeholders will be automatically replaced with:

  • {0} - The .NET Framework version (e.g., v4.0.30319)
  • {1} - The application's AppDomain ID

After making changes, you can verify the new location is being used by:

  1. Checking the ASP.NET trace logs
  2. Using Process Monitor to watch file system activity
  3. Adding temporary files to the directory and checking if they appear in your custom location

When implementing this in production:

  • Use a dedicated disk volume if possible
  • Set appropriate NTFS permissions (Modify rights for the app pool identity)
  • Consider using a RAM disk for high-performance scenarios
  • Document the custom location in your deployment procedures
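
The directory holds compiled assemblies that the worker process loads, so write access is best limited to the app pool identity and administrators. The following PowerShell audit is an added example, not part of the original article; the function name Test-AspNetTempDirAcl, the allowed-writer list (English account names) and the sample path and account are assumptions to replace with your own values.

```powershell
# Added example: report who can write to the relocated ASP.NET temp directory.
function Test-AspNetTempDirAcl {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $AppPoolIdentity,
        # Principals allowed to hold write access besides the app pool identity
        [string[]] $AllowedWriters = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER')
    )

    $acl = Get-Acl -Path $Path
    # Specific rights that allow creating, changing or deleting files, or re-ACLing
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) show up as raw numbers in ACEs
    $genericMask = 0x50000000
    $allowed = $AllowedWriters + $AppPoolIdentity

    $unexpected = foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $rights = [int]$ace.FileSystemRights
        $canWrite = ($rights -band $writeMask) -or ($rights -band $genericMask)
        if ($canWrite -and ($allowed -notcontains $ace.IdentityReference.Value)) {
            [pscustomobject]@{
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }

    # Only an explicit or inherited ACE naming the identity counts here;
    # access granted through group membership is not resolved.
    $modify = [int][System.Security.AccessControl.FileSystemRights]::Modify
    $appPoolOk = [bool]($acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -eq $AppPoolIdentity -and
        (([int]$_.FileSystemRights -band $modify) -eq $modify)
    })

    [pscustomobject]@{
        Path               = $Path
        InheritanceEnabled = -not $acl.AreAccessRulesProtected
        AppPoolHasModify   = $appPoolOk
        UnexpectedWriters  = @($unexpected)
    }
}

# Placeholder values; substitute the directory and account you configured
Test-AspNetTempDirAcl -Path 'D:\CustomTempASP.NET\MyApp' -AppPoolIdentity 'DOMAIN\username' |
    Format-List
```

An empty UnexpectedWriters list with AppPoolHasModify set to True is the expected result. Entries marked Inherited come from the parent folder or volume root and have to be removed there or by disabling inheritance on the directory.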

If the new location isn't working:

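# Check effective configuration (run in PowerShell on the server; "/" is the site root)
Add-Type -AssemblyName System.Web
$webConfig = [System.Web.Configuration.WebConfigurationManager]::OpenWebConfiguration("/")
$webConfig.GetSection("system.web/compilation").TempDirectory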

Common problems include:

  • Inheritance of permissions broken on the new directory
  • Antivirus software blocking access
  • Insufficient disk space at the new location

When switching IIS application pool identities from built-in accounts to domain users, you'll likely encounter this common error:


Server Error in '/' Application.
The current identity (domain\username) does not have write access to 
'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files'.

While you could simply grant write permissions to the default directory, there are compelling reasons to relocate it instead:

  • Better security by avoiding unnecessary permissions on system directories
  • Easier maintenance with a custom location
  • Potential performance benefits if using faster storage
  • Cleaner separation of application components

The most straightforward method is to add this to your application's web.config:


<configuration>
  <system.web>
    <compilation tempDirectory="D:\CustomTemp\ASP.NET" />
  </system.web>
</configuration>

For machine-level changes affecting all applications, modify the aspnet.config file located at:


%FrameworkDir%\%FrameworkVersion%\aspnet.config

Add this section:


<configuration>
  <system.web>
    <compilation tempDirectory="D:\GlobalTemp\ASP.NET" />
  </system.web>
</configuration>

Here's a script to handle the relocation for multiple applications:


# Set temporary directory for all web applications
$tempPath = "D:\ASP.NET_Temp"
$configPath = "$env:windir\Microsoft.NET\Framework64\v4.0.30319\aspnet.config"

# Create the directory if it doesn't exist
if (!(Test-Path $tempPath)) {
    New-Item -ItemType Directory -Path $tempPath | Out-Null
}

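# Set permissions for the application pool identity.
# A wildcard such as "IIS AppPool\*" does not resolve to an account,
# so name the actual identity (placeholder shown here).
$identity = "domain\username"
$acl = Get-Acl $tempPath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity,
    "Modify", "ContainerInherit,ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
Set-Acl -Path $tempPath -AclObject $acl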

# Update aspnet.config
[xml]$config = Get-Content $configPath
if (!$config.configuration) {
    $config = [xml]"<configuration></configuration>"
}
# Create <system.web> and <compilation> if they are missing
# (Out-Null keeps AppendChild from echoing the new node to the console)
if (!$config.configuration."system.web") {
    $systemWeb = $config.CreateElement("system.web")
    $config.DocumentElement.AppendChild($systemWeb) | Out-Null
}
$compilation = $config.SelectSingleNode("//compilation")
if (!$compilation) {
    $compilation = $config.CreateElement("compilation")
    $config.SelectSingleNode("//system.web").AppendChild($compilation) | Out-Null
}
$compilation.SetAttribute("tempDirectory", $tempPath)
$config.Save($configPath)

Write-Host "ASP.NET temporary files directory successfully configured to $tempPath"

After making changes, verify the new location is being used:

  1. Check the Event Viewer for ASP.NET events
  2. Monitor the new directory for file creation
  3. Use Process Monitor to track file access

Common issues to watch for:

  • Inheritance problems with NTFS permissions
  • Path length limitations (keep it under 260 characters)
  • Antivirus software interference