RE: asp.net and IIS 6, access denied to the web directory.
From: Chris Cichocki (chris.cichocki_at_newsgroup.nospam)
Date: 10/19/05
- Next message: Chris Weber [Security MVP]: "Re: Building a Windows 2003 DMZ Server without ISA"
- Previous message: Tom Kaminski [MVP]: "Re: IIS and Disaster recovery"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 19 Oct 2005 11:43:03 -0700
Have you tried granting read/execute permissions to the Users or Everyone
groups? This will tell you whether or not it is a membership issue. In
other words, if allowing these groups (only add one at a time) causes the
application to work, then there is something strange going on with the
identities not belonging to the groups you think they do.
We have had a similar problem where we set up a base machine with IIS
installed, then cloned it to create other machines. The Intenet Guest
Account was still named after the name of the base machine, and granting
explicit permissions to this account had absolutely no affect. Granting
permissions to the Users group (of which all local accounts are automatically
a member of) worked... The fix was to remove IIS and reinstall it, which
recreated the Internet Guest Account.
Chris
"Slim" wrote:
> Ok. Lets say I am running website called dev.mysoftware.com.
>
> In IIS, I have home directory set to C:\Inetpub\wwwroot\dev.mysoftware.com
> When I open the site, I get the error:
> ==================================================
> Server Error in '/' Application.
> --------------------------------------------------------------------------------
>
> Access to the path "C:\Inetpub\wwwroot\dev.mysoftware.com" is denied.
> Description: An unhandled exception occurred during the execution of the
> current web request. Please review the stack trace for more information about
> the error and where it originated in the code.
>
> Exception Details: System.UnauthorizedAccessException: Access to the path
> "C:\Inetpub\wwwroot\dev.mysoftware.com" is denied.
>
> ASP.NET is not authorized to access the requested resource. Consider
> granting access rights to the resource to the ASP.NET request identity.
> ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or
> Network Service on IIS 6) that is used if the application is not
> impersonating. If the application is impersonating via <identity
> impersonate="true"/>, the identity will be the anonymous user (typically
> IUSR_MACHINENAME) or the authenticated request user.
>
> To grant ASP.NET write access to a file, right-click the file in Explorer,
> choose "Properties" and select the Security tab. Click "Add" to add the
> appropriate user or group. Highlight the ASP.NET account, and check the boxes
> for the desired access.
> =====================================================
>
> I have searched and searched, and read that this is due to the anonymous
> user, aspnet user, machine service not having the permissions on the
> dev.mysoftware.com directory. I have followed all info I can find, and have
> set the permissions, but still getting the same error, and don't know what to
> try next....
>
> This is what I have so far. Anonymous Access is set to use user name:
> (IUSR_US-PORT). Application pool identity is Predefined: Network Service.
>
> On "C:\Inetpub\wwwroot\dev.mysoftware.com directory":
> ASP.NET Machine Account, IIS_WPG, IUSR_US-PORT, Network Service all have
> Read&Execute, List Folder Contents, Read permissions.
>
> On "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files"
> directory:
> ASP.NET Machine Account, IIS_WPG, IUSR_US-PORT, Network Service all have
> Full Control permission.
>
> Any other ideas to try? Please let me know if you need more detailed
> information about anything, but I am just stuck.
>
> Thanks all.
>
>
- Next message: Chris Weber [Security MVP]: "Re: Building a Windows 2003 DMZ Server without ISA"
- Previous message: Tom Kaminski [MVP]: "Re: IIS and Disaster recovery"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
