This is also listed in the DotNetGalleryUsersGuide.pdf file in the Documentation folder:
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET
request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is
used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be
the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET write access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to
add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.
At run-time, when the first hit comes to the page, DotNetGallery control will check for the needed files, images, and as it won't
be there, it will create the folder and extract files from assembly.
Finally, it is important to note that in order to save files on the server; the current user must have disk write permissions on the
destination folder.
After you extract all the files from the assembly, you don't need to assign ASPNET account write permissions to your
production server.