When the application is deployed to a subfolder under the IIS Web root, the first access to the application always failed while the subsequent access is successful.
Cause:
When tracking the request using Fiddler, the CreateSession request failed at the first access to the application, and the following error message is returned: errmsg=Access to the path 'C:\inetpub\wwwroot\App\AppConfig\License.json' is denied.
Solution 1:
The issue is caused by insufficient folder permissions. The Web API process must have read/write access to specific application folders (such as C:\inetpub\wwwroot\[appname]) to function correctly.
Note
Instead of granting permissions to broad groups like IIS_IUSRS , it is strongly recommended to follow the principle of least privilege and grant access only to the virtual account associated with the application's Application Pool.
For detailed steps, refer to the best practices in Access to powerserver\licoffdata.bin is denied section in this documentation. This approach ensures tighter security by isolating access rights to a single site process.
If needed for troubleshooting, temporary access can be granted to broader accounts (e.g., IIS_IUSRS, Everyone), but these permissions should be removed after verification.
Solution 2:
Refer to the article below to set an account in the administrator group to the Identity property for DefaultAppPool: https://campuslogicinc.freshdesk.com/support/solutions/articles/5000713210-changing-identity-user-for-iis-application-pool.
Restart the IIS server (iisreset.exe).
