RE: Web.Config / Security Settings for sites NOT on sys partition

From: Jim Cheshire [MSFT] (
Date: 10/11/03

Date: Fri, 10 Oct 2003 22:06:47 GMT

Hi Grant,

This is actually a Common Language Runtime security policy issue. The
Common Language Runtime is not allowing assemblies located on your remote
share the permissions necessary to run. The solution is to create a new
Code Group to allow them to run correctly.

* Open the .NET Framework Configuration tool from Administrative Tools.
* Expand the Runtime Security Policy node.
* Expand the Machine node.
* Expand the Code Groups node.
* Right-click on the All_Code node and choose New.
* In the Name box, enter a name of your choice for this new code group.
* Click Next.
* Select URL from the checkbox.
* In the URL box, enter the UNC share in the following format:
    In other words, if your UNC share is \\server\share, you would enter it
exactly as above. Make sure you add the "\*" at the end.
* Click Next.
* Select Full Trust from the dropdown.
* Click Next.
* Click Finish.

After you've done that, go to a command line and run IISRESET to restart
the worker process. You should now be able to run your app.

Jim Cheshire [MSFT]
Developer Support

This post is provided as-is with no warranties and confers no rights.

>Reply-To: "Grant Harmeyer" <>
>From: "Grant Harmeyer" <>
>Subject: Web.Config / Security Settings for sites NOT on sys partition
>Date: Fri, 10 Oct 2003 15:22:32 -0500
>Lines: 24
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <elFavy2jDHA.744@tk2msftngp13.phx.gbl>
>Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
>Xref: cpmsftngxa06.phx.gbl
>I have a Win2K server set up with .NET 1.1, IIS5, and I run a few
>development test sites on this server for deployment elsewhere. Up until
>now, there was no issue with the sites residing in the Inetpub directory on
>the sys partition. However, we are starting to consume valuable disk space
>on the sys partition. So, I have moved one of the sites (a low priority
>to a network drive (and different partition) that is still on the same
>physical server, just not the sys partition.
>The .NET runtime now has what I beleive to be a security problem with the
>site when it is being hosted from this location. It states that it can't
>load the type (ASPX CodeBehind) of the page because of a SecurityException
>that can be fixed by adding a node to my Web.Config file. But I am unable
>find any documentation as to what this node is, or where it is to be placed
>in the Web.Config file. If I were to guess, I would say this may be an
>instance where the web application needs to impersonate an account with the
>correct tokens for the app to run, but I'm a bit lost right now. Any quick
>fixes for hosting sites off of a network drive?
>P.S. I have ensured my ACL file settings on the site are correct, as well
>IIS perms ( twice ;-) )
>Grant Harmeyer