RE: Web.Config / Security Settings for sites NOT on sys partition
From: Jim Cheshire [MSFT] (jamesche_at_online.microsoft.com)
Date: Fri, 10 Oct 2003 22:06:47 GMT
This is actually a Common Language Runtime security policy issue. The
Common Language Runtime is not allowing assemblies located on your remote
share the permissions necessary to run. The solution is to create a new
Code Group to allow them to run correctly.
* Open the .NET Framework Configuration tool from Administrative Tools.
* Expand the Runtime Security Policy node.
* Expand the Machine node.
* Expand the Code Groups node.
* Right-click on the All_Code node and choose New.
* In the Name box, enter a name of your choice for this new code group.
* Click Next.
* Select URL from the checkbox.
* In the URL box, enter the UNC share in the following format:
In other words, if your UNC share is \\server\share, you would enter it
exactly as above. Make sure you add the "\*" at the end.
* Click Next.
* Select Full Trust from the dropdown.
* Click Next.
* Click Finish.
After you've done that, go to a command line and run IISRESET to restart
the worker process. You should now be able to run your app.
Jim Cheshire [MSFT]
This post is provided as-is with no warranties and confers no rights.
>Reply-To: "Grant Harmeyer" <firstname.lastname@example.org>
>From: "Grant Harmeyer" <email@example.com>
>Subject: Web.Config / Security Settings for sites NOT on sys partition
>Date: Fri, 10 Oct 2003 15:22:32 -0500
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>NNTP-Posting-Host: 208-131-234-237.internetapollo.com 184.108.40.206
>I have a Win2K server set up with .NET 1.1, IIS5, and I run a few
>development test sites on this server for deployment elsewhere. Up until
>now, there was no issue with the sites residing in the Inetpub directory on
>the sys partition. However, we are starting to consume valuable disk space
>on the sys partition. So, I have moved one of the sites (a low priority
>to a network drive (and different partition) that is still on the same
>physical server, just not the sys partition.
>The .NET runtime now has what I beleive to be a security problem with the
>site when it is being hosted from this location. It states that it can't
>load the type (ASPX CodeBehind) of the page because of a SecurityException
>that can be fixed by adding a node to my Web.Config file. But I am unable
>find any documentation as to what this node is, or where it is to be placed
>in the Web.Config file. If I were to guess, I would say this may be an
>instance where the web application needs to impersonate an account with the
>correct tokens for the app to run, but I'm a bit lost right now. Any quick
>fixes for hosting sites off of a network drive?
>P.S. I have ensured my ACL file settings on the site are correct, as well
>IIS perms ( twice ;-) )