On our Windows 2008 R2 server I have a site running under the default ASP.NET v4.0 application pool. The identity of ASP.NET v.4.0 app pool is set to "ApplicationPoolIdentity" (I guess this is default).

How do I grant this identity access to read from a custom folder within my site. I have tried "Application Pool Identity" and "ApplicationPoolIdentity" but both gives me:

An object named "Application Pool Identity" cannot be found.

Bonus question = should I instead forget about all this and make the change to store the files in app_data folder? Would that solve the issue?

ICACLS <folder> /grant "IIS AppPool\nameoftheapppool":WRX did not work for me, it gave an error:

Invalid parameter "IIS AppPool\nameoftheapppool" 

but, the following did work:

ICACLS <folder> /grant "IIS AppPool\nameoftheapppool:WRX"

You can use the ICACLS tool for this. The usage herefore is:

(Command-prompt)> ICACLS <folder> /grant "IIS AppPool\<nameoftheapppool>":WRX

that should do the trick. ( If you replace the placeholders with the right values )

More information about ICACLS.exe can be found here http://support.microsoft.com/kb/919240