I'm trying to map a virtual directory in my ASP.NET MVC 3 website. The virtual directory contains image files only, and the physical directory is located on another server. When I try to access an image from this directory via a web browser, I get an HTTP 500 error:
Parser Error Message: An error occurred loading a configuration file: Failed to start monitoring changes to '<virtual directory path>' because access is denied.
[EDIT]: After restarting IIS, I see that it's added "access is denied" to the end of the error message. However, the directory has the "Everyone" permission on it with read-access and it's still not working. I've seen posts that detail this same error, but the permission-setting solution isn't working for me.
Why is it looking for a configuration file? I've updated my Global.asax to ignore the route in question, and from within IIS 6, I can browse the files located in the virtual directory without issue. I've verified that the virtual directory is NOT set up as an application. Also, the permissions on the directory have read access for Everyone set. What am I doing wrong?
[EDIT #2]: The virtual directory being pointed to is a network shared folder... Does that make any difference?
[EDIT #3]: The IIS 6 hierarchy for what I'm trying to do is this: Default Website -> OurSite (MVC website which is ITSELF a virtual directory) -> Images (virtual directory that I'm struggling with). There definitely is a problem with the fact that this is a nested virtual directory; if I create the directory as a direct child of Default Website instead of Default Website -> OurSite, it works fine.
Thanks,
Andy
Make sure the identity running the App Pool also has execute and list permissions on that virtual folder as it's trying to monitor it for changes for caching.
http://support.microsoft.com/kb/316721/
[EDIT] This link indicates it may be the second case where it's not having permissions to a subfolder in the shared directory.
http://support.microsoft.com/kb/317955
Does the ASPNET account have access all the way down that tree?
Reading Turnkey's answer and your comments, I just wanted to point out that if your AppPool is using NETWORK SERVICE identity then your remote server needs to add the web server's machine/computer account to the shared folder and NTFS permissions NOT the NETWORK SERVICE account.
If you add NETWORK SERVICE to the shared folder and NTFS permissions, you are just adding the local machine's NETWORK SERVICE account not the web server's NETWORK SERVICE account. I hope I am making sense.
Whenever you use a computer's NETWORK SERVICE account to connect remotely you are in effect using the computer's machine account so that's what you need to add.
Say your web server is called PRODSERVER, you need to add the machine/computer account PRODSERVER$ to the remote shared folder's permissions.
Hope that helps.
Related
I have a windows service on XP OS in .Net Framework 2.0 which access folder and reads file from it to load it in database.
Shared folder has permission for "Everyone" with full control with all subfolder. and service runs on "Local System Account". and currently system running with Administrator account.
The stack trace is :
Message : Error while searching for files in : \\nw1\data\nov2012
Access to the path '\\nw1\data\nov2012' is denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.Directory.InternalGetFileDirectoryNames(String path, String userPathOriginal, String searchPattern, Boolean includeFiles, Boolean includeDirs, SearchOption searchOption)
at System.IO.DirectoryInfo.GetFiles(String searchPattern, SearchOption searchOption)
at System.IO.DirectoryInfo.GetFiles()
at MyWinApp.Winservice1.SearchFiles(String imp, FileFolder objFile)
Edit: I found on MSDN that "LocalSystem Account has extensive privileges on the local computer" but not sure why it is not able to access network shared folder
can anyone suggest sollution for this problem?
Thanks,
I searched on internet but everywhere i found that anyhow i have to provide username/password to provide proper permission to windows service to access network shared folder(directly to windows service property or in windows service code like given here, code in that thread is here). so to make it working it for now i set username/password manually to service property.
If you are running the service with a local account (I believe is windows what we are talking about) and that local account does not belong to the domain or a domain.
You can always create the local account on the computer that is running the services AND create the local account on the computer that is sharing the folder.
Same account name, same password. It will work
I have been attempting to run a Unit Test in visual studio for an MVC Application and continuously getting the following error:
The URL specified ('http://localhost:21496/') does not correspond to a
valid directory. Tests configured to run in ASP.NET in IIS require a
valid directory to exist for the URL. The URL may be invalid or may
not point to a valid Web application.
The only advice around is to make sure you have a localhost address in the UrlToTest attribute like so:
[TestMethod()]
[HostType("ASP.NET")]
[UrlToTest("http://localhost:21496/")]
This however still doesn't run against IIS Express or IIS 7 on Windows 7 and when I delved into the event logs, found the following problem.
(QTAgent32.exe, PID 6976, Thread 15) WebSites.GetWebServer: failed to create AspNetHelper: Microsoft.VisualStudio.Enterprise.Common.AspNetHelperException: The website metabase contains unexpected information or you do not have permission to access the metabase. You must be a member of the Administrators group on the local computer to access the IIS metabase. Therefore, you cannot create or open a local IIS Web site. If you have Read, Write, and Modify Permissions for the folder where the files are located, you can create a file system web site that points to the folder in order to proceed. ---> System.Runtime.InteropServices.COMException: Unknown error (0x80005000)
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_IsContainer()
at System.DirectoryServices.DirectoryEntries.ChildEnumerator..ctor(DirectoryEntry container)
at Microsoft.VisualStudio.Enterprise.Common.IISHelper.GetWebServerOrdinal(Uri site)
--- End of inner exception stack trace ---
at Microsoft.VisualStudio.Enterprise.Common.IISHelper.GetWebServerOrdinal(Uri site)
at Microsoft.VisualStudio.Enterprise.Common.IISHelper.get_WebServerOrdinal()
at Microsoft.VisualStudio.Enterprise.Common.IISHelper.get_RootPath()
at Microsoft.VisualStudio.Enterprise.Common.IISHelper.get_PhysicalPath()
at Microsoft.VisualStudio.Enterprise.Common.AspNetHelperMan..ctor(Uri uri, BasicAuthCredential credential, Int32 frameworkMajorVersion)
at Microsoft.VisualStudio.TestTools.HostAdapters.WebSites.GetWebServer(String webServerName, WebServerType webServerType, String urlToTest, String pathToWeb, String webAppRoot, BasicAuthCredential credential, Context context, WebSiteConfigurationType webSiteConfigType, Origin origin)
The next step I took was to make sure the QTAgent32 always runs with administrative privileges, along with visual studio.
I am now at a loss and cannot think of anything else to try, so do hope someone can at least point me in some direction.
Thanks
The tests were created in a default ASP.NET environment. In order to test the controllers but without the need to run the web application, you must delete the following attributes before the test methods.
[HostType("ASP.NET")]
[UrlToTest("http://localhost:21496/")]
I ran into the same problem today (also at this thread). I had the same errors in my event log:
(QTAgent32.exe, PID 12348, Thread 61) WebSites.GetWebServer: failed to create AspNetHelper: Microsoft.VisualStudio.Enterprise.Common.AspNetHelperException: The website metabase contains unexpected information or you do not have permission to access the metabase. You must be a member of the Administrators group on the local computer to access the IIS metabase. Therefore, you cannot create or open a local IIS Web site. If you have Read, Write, and Modify Permissions for the folder where the files are located, you can create a file system web site that points to the folder in order to proceed. ---> System.Runtime.InteropServices.COMException: Unknown error (0x80005000)
That lead me to this blog post which seems to have resolved the issue.
I just needed to go to "Turn Windows features on or off" and add IIS 6 Management Compatibility and all four subcomponents. I'm running Windows 7 Home Premium which doesn't have the Windows Authentication option, but that didn't seem to be an issue. Give it a shot and see if that resolves the issue for you.
I've uploaded my MVC Razor solution to my production server.
But when the website tried to access some files on my server (I've shared a folder and this is where the website reads files from) ... I get access denied.
I've tried to share the folder with "Everyone" permission and then it works fine.
My question is, which user should I add person for in the shared folder (using MVC 3 on an IIS7 server)?
It can depend on how you have your configuration set up. But in the common scenario you need to look at the app pool your app is running in, and then find out the account that app pool is running under. That account is the one that should have permissions on the folder in question.
We use MVC controllers that access System.File.IO in our application and they work fine in localhost (IIS 6.0-based Cassini). Deploying to IIS7, we have problems getting the controllers to work because they throw UnauthorizedAccessExceptions.
We have done the following to try to resolve the issue:
- Set NETWORK SERVICE and IUSR accounts to have permission on the files and folders in question
- Ensured the App Pool is running under NETWORK SERVICE and loading the user profile
- Application is running under full trust
- We tried adding impersonation to web.config and giving NETWORK SERVICE write permissions (which was not a great idea because that's not what we want to do)
Now, we alternate between getting UnauthorizedAccessException and an IIS7 404 page that suggests the routes are being ignored completely (for example we serve "/favicon.ico" via a controller when the physical file actually lives at /content/images/favicon.ico). We used ProcessMonitor to try to track down the issue but weren't successful.
UPDATE:
This issue is intermittent. We had a brief few minutes where everything worked without making any configuration changes. We're running on EC2, so this could be related to a distributed file system. We're also using a separate drive to store all web site data, we're not using inetpub/wwwroot.
UPDATE 2:
The site works without incident under IIS 7.5, with no configuration changes needed but this is likely due to running with the new AppPoolIdentity. Otherwise it's an identical deployment. Unfortunately we can't run R2 on this EC2 instance.
One of the ways to identifying the cause is using Procmon tool from Sysinternals
Procmon will show the reason for unable to open the file , it will also show who is holding the file.
The issue turned out to be the controller factory we were using not handling file requests properly.
I've been experimenting with ASP.Net MVC, and have come across a problem that is probably not specifically MVC related. But I cannot get the authentication in the default MVC application (the one created by the wizard when you create a new MVC project) to work properly under IIS 7 on Windows 7.
If I run under the Visual Studio environment, it works, but if I switch the settings to run under IIS instead, I get the following exception trying to submit the login or registration:
Failed to generate a user instance of
SQL Server due to failure in
retrieving the user's local
application data path. Please make
sure the user has a local user profile
on the computer. The connection will
be closed.
I believe that this is because the website runs under my own account in Visual Studio, but under the IUSR account in IIS. Google searches on the exception message have been unhelpful so far.
So, can one create a local user profile for the IUSR account? If so, how? Is there something else I should be doing to get the SQLExpress engine to work under the anonymous account in IIS 7?
I also tried configuring the IIS website to use my account, but since this is my home machine, my account doesn't have a password, and it appears that IIS won't let a website be configured to use an account without a password. Or, since this is my first experience with IIS 7, and configuration feels very different than IIS 5/6, I am just missing the right setting that will let me configure the account to use for anonymous access.
EDIT: Some additional information. If I empty the App_Data folder and try again from IIS, SQLExpress attempts to create my database and fails, but the exception message has further information with the following suggestions.
SQLExpress database file auto-creation
error:
The connection string specifies a
local Sql Server Express instance
using a database location within the
applications App_Data directory. The
provider attempted to automatically
create the application services
database because the provider
determined that the database does not
exist. The following configuration
requirements are necessary to
successfully check for existence of
the application services database and
automatically create the application
services database:
If the applications App_Data directory does not already exist, the
web server account must have read and
write access to the applications
directory. This is necessary because
the web server account will
automatically create the App_Data
directory if it does not already
exist.
If the applications App_Data directory already exists, the web
server account only requires read and
write access to the applications
App_Data directory. This is necessary
because the web server account will
attempt to verify that the Sql Server
Express database already exists within
the applications App_Data directory.
Revoking read access on the App_Data
directory from the web server account
will prevent the provider from
correctly determining if the Sql
Server Express database already
exists. This will cause an error when
the provider attempts to create a
duplicate of an already existing
database. Write access is required
because the web server accounts
credentials are used when creating the
new database.
Sql Server Express must be installed on the machine.
The process identity for the web server account must have a local user
profile. See the readme document for
details on how to create a local user
profile for both machine and domain
accounts.
I've pretty extensively confirmed that the first three suggestions have been satisfied. The fourth seems to be the cause of my problems, but I can't figure out how to do that. And although the suggestion claims there is a readme document that describes it, I have not been able to find that document.
I got this problem as well running under medium trust. The process that creates the database requires at least High trust. You can check this by looking in your Web.Config for
<trust level="TrustLevel" />
If there is no trust specified in your Web.Config, try adding it and set it to either Full or High. If this doesn't work, there is a machine.config in your IIS which you would need to modify.
That being said, the best route I have found to solve this is to just use aspnet_regsql.exe to create the necessary tables and then change the connection string in your Web.Config to look at it directly.
I solved "The directory 'LocalApplicationData' does not exist." error when running an SSIS package through an SQL Job by ensuring the SQL SSIS service and SQL Server Agent service were running under the same account as the swql job was set to use!
This in my case was a domain account.
Solution: Try UNINSTALLING any updates before you started experiencing the issue. I spent countless hours - wasted hours that I will never get back in my life - reading and following every solution possible without success. I uninstalled all SQL Server updates and now everything works fine.