I'm using the official documentation to install NopCommerce onto an Azure VM, and briefly searched the Security forum but I couldn't find this topic. To access the NopCommerce installation page I had to configure the IIS_IUSRS user with MODIFY permission on the wwwroot folder. This is not my production environment, but I would like to know: How I should configure user permissions in a production environment of NopCommerce?
Configure IIS
You must grant permission to the folder wwwroot. With the site selected in the IIS Manager, choose Edit Permissions, and make sure that IUSR, IIS_IUSRS, or the user configured for the Application Pool is an authorized user with Read & Execute rights. If none of these users are present, add IUSR as a user with Read & Execute rights.
https://docs.nopcommerce.com/en/developer/tutorials/azure-publish.html?q=permission