Re: Web.Config / Security Settings for sites NOT on sys partition

From: Grant Harmeyer (gn_harmeyer_at_hotmail.com)
Date: 10/13/03


Date: Mon, 13 Oct 2003 08:09:52 -0500

Worked like a charm. Another trick added to the toolbox. Thanks

Grant Harmeyer

"Jim Cheshire [MSFT]" <jamesche@online.microsoft.com> wrote in message
news:icK1Wr3jDHA.1716@cpmsftngxa06.phx.gbl...
> Hi Grant,
>
> This is actually a Common Language Runtime security policy issue. The
> Common Language Runtime is not allowing assemblies located on your remote
> share the permissions necessary to run. The solution is to create a new
> Code Group to allow them to run correctly.
>
> * Open the .NET Framework Configuration tool from Administrative Tools.
> * Expand the Runtime Security Policy node.
> * Expand the Machine node.
> * Expand the Code Groups node.
> * Right-click on the All_Code node and choose New.
> * In the Name box, enter a name of your choice for this new code group.
> * Click Next.
> * Select URL from the checkbox.
> * In the URL box, enter the UNC share in the following format:
> file:///\\SERVER\SHARE\*
> In other words, if your UNC share is \\server\share, you would enter
it
> exactly as above. Make sure you add the "\*" at the end.
> * Click Next.
> * Select Full Trust from the dropdown.
> * Click Next.
> * Click Finish.
>
> After you've done that, go to a command line and run IISRESET to restart
> the worker process. You should now be able to run your app.
>
> Jim Cheshire [MSFT]
> Developer Support
> ASP.NET
> jamesche@online.microsoft.com
>
> This post is provided as-is with no warranties and confers no rights.
>
> --------------------
> >Reply-To: "Grant Harmeyer" <gn_harmeyer@hotmail.com>
> >From: "Grant Harmeyer" <gn_harmeyer@hotmail.com>
> >Subject: Web.Config / Security Settings for sites NOT on sys partition
> >Date: Fri, 10 Oct 2003 15:22:32 -0500
> >Lines: 24
> >X-Priority: 3
> >X-MSMail-Priority: Normal
> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
> >Message-ID: <elFavy2jDHA.744@tk2msftngp13.phx.gbl>
> >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
> >NNTP-Posting-Host: 208-131-234-237.internetapollo.com 208.131.234.237
> >Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
> >Xref: cpmsftngxa06.phx.gbl
> microsoft.public.dotnet.framework.aspnet.security:7112
> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
> >
> >I have a Win2K server set up with .NET 1.1, IIS5, and I run a few
> >development test sites on this server for deployment elsewhere. Up until
> >now, there was no issue with the sites residing in the Inetpub directory
on
> >the sys partition. However, we are starting to consume valuable disk
space
> >on the sys partition. So, I have moved one of the sites (a low priority
> one)
> >to a network drive (and different partition) that is still on the same
> >physical server, just not the sys partition.
> >
> >The .NET runtime now has what I beleive to be a security problem with the
> >site when it is being hosted from this location. It states that it can't
> >load the type (ASPX CodeBehind) of the page because of a
SecurityException
> >that can be fixed by adding a node to my Web.Config file. But I am unable
> to
> >find any documentation as to what this node is, or where it is to be
placed
> >in the Web.Config file. If I were to guess, I would say this may be an
> >instance where the web application needs to impersonate an account with
the
> >correct tokens for the app to run, but I'm a bit lost right now. Any
quick
> >fixes for hosting sites off of a network drive?
> >
> >P.S. I have ensured my ACL file settings on the site are correct, as well
> as
> >IIS perms ( twice ;-) )
> >
> >Grant Harmeyer
> >
> >
> >
>