I'm getting really confused with Windows 2003 Security...

Basically, we have a web app that gets installed with installshield on a customer's server.

Now one of the virtual directories (whose anonymous account is IUSR_MACHINENAME) is called \mydata

In this \mydata folder I have some .xml files that are saved via the web app. (i.e using the DataSet to XML file generators .net has).

I have given the IUSR_MACHINENAME account modify access on this \mydata folder, but when I try to save the .xml files from my web app, a username/password box pops up on the screen asking for Windows Credentials. I have also given modify access to the IIS_WPG account, the NETWORK SERVICE account, even given the EVERYONE account modify access, but this box still pops up!!

Shouldn't giving the IUSR_MACHINENAME account modify access be enough??

What I don't understand is we had this fixed a few days ago and it seemed like the only account requiring permissions was the IUSR account. But now it seems like everything has changed.

Please can someone explain to me what is going on here and why this box pops up!!!

My web.config security settings look like this...

<authentication mode = "Windows" />
<identity impersonate = "true" />
<authorization>
<allow users = "?" />
</authorization>