Publish an Angular with .NET CORE app to IIS on AWS Cloud EC2 instance

I faced a few challenges while publishing my application(Front end on Angular 13, Backend is .NET CORE 6) to IIS on AWS EC2 instance using Custom Identity. So I thought of sharing this post which will help you to fix the issue quickly.

It is a straight forward process to publish an application to IIS without using custom identity and many are already aware of this process. When we create an Application Pool by default it uses Application Pool Identity. In many cases we can not use Application Pool Identity. For example if your application is accessing web share or network share then your application needs to have required permission to access these shares. In this case you will have to create a Service Account and provide necessary permission to your Service Account to access these shares. Then you need to use this Service Account as Identity instead of Application Pool Identity to set up your application.

However if you want to use another identity then we have to make sure your new identity has the required permissions to access the app's folder and configuration. 

Follow the below steps to host Angular with .NET Core application on Amazon EC2 instance using custom identity (ServiceAccount).

1.      Open IIS using inetmgr command.

2.      Create a new application pool using the Add Application pool option.

3.      Open Advanced Settings option. Change Identity from Application Pool Identity to Custom Identity. Use the Service Account which you have already created for your application. (Note: Application Pool Identity may not have required permission to access web share if you are using web share in your application. Hence it is recommended to use your own application specific Service Accounts)

4.      Go to Sites Click on Add Website from the contextual menu.

5.      Enter Site Name and select the Application Pool which you created in the previous steps.

6.      Set the Physical path to the app's deployment folder that you created. It’s recommended to use inetpub/wwwroot folder for deployment folder for .NET CORE applications.

7.      Provide the Binding configuration and create the website by selecting OK. Don’t use port number 80, this can open up your app to security vulnerabilities.

8.      Verify that your service account (custom identity) has the required permissions to access the app’s folder.

9.      To verify the permission of your identity, go to wwwroot/yourappfolder and open the properties dialog and go to Security Tab and check your service account is listed there.

10.   If your service account is not listed then click on Edit and Add your Service Account and give required permission.

11.   You should be able to launch your application from Browser now.

12.   If you are getting 500 internal server errors you have to do the following to fix it.

·        Go to IIS and click on your Web site

·        Double click on the Authentication button and then click on Anonymous Authentication.

·        Click on Edit option under Actions section

·        Set Specific User as your Service Account user.

·        This should fix the 500 internal server errors.

13.   If you are getting “The current identity (NW\SVCAccountName) does not have write access to 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files'” error follow the below steps to fix it.

·        Open a command prompt window "as administrator"

·        Run the below command C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Aspnet_regiis.exe -ga server\user

Replace server\user with the username that your application pool runs under. This gives that identity access to the IIS configuration and other directories used by ASP.NET.