21. december 2010 09:32
If you change the file permission on deployed files in the WebRole, you will be able to edit or delete those files from you website. This includes the web.config file!
Also if you write new files in the WebRole, you also need to change the file permission for those files.
My colleague at Composite Marcus Wendt found the code for changing the file permission here. Ill restate the code below. This code is not enough, you also need to edit the ServiceDefinition.csdef file. You need to add '<Runtime executionContext="elevated" />' to the ServiceDefinition.csdef file to give your WebRole rights to change file permissions:
<?xml version="1.0" encoding="utf-8"?>
<Runtime executionContext="elevated" />
And here is the code for changing the permission for a given file:
void ChangePermission(string filePath)
SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
IdentityReference act = sid.Translate(typeof(NTAccount));
FileSecurity sec = File.GetAccessControl(filePath);
sec.AddAccessRule(new FileSystemAccessRule(act, FileSystemRights.FullControl,