I'm using the official documentation to install NopCommerce onto an Azure VM, and briefly searched the Security forum but I couldn't find this topic. To access the NopCommerce installation page I had to configure the IIS_IUSRS user with MODIFY permission on the wwwroot folder. This is not my production environment, but I would like to know: How I should configure user permissions in a production environment of NopCommerce?
You must grant permission to the folder wwwroot. With the site selected in the IIS Manager, choose Edit Permissions, and make sure that IUSR, IIS_IUSRS, or the user configured for the Application Pool is an authorized user with Read & Execute rights. If none of these users are present, add IUSR as a user with Read & Execute rights.