We use MVC controllers that access System.File.IO in our application and they work fine in localhost (IIS 6.0-based Cassini). Deploying to IIS7, we have problems getting the controllers to work because they throw UnauthorizedAccessExceptions.
We have done the following to try to resolve the issue:
- Set NETWORK SERVICE and IUSR accounts to have permission on the files and folders in question
- Ensured the App Pool is running under NETWORK SERVICE and loading the user profile
- Application is running under full trust
- We tried adding impersonation to web.config and giving NETWORK SERVICE write permissions (which was not a great idea because that's not what we want to do)
Now, we alternate between getting UnauthorizedAccessException and an IIS7 404 page that suggests the routes are being ignored completely (for example we serve "/favicon.ico" via a controller when the physical file actually lives at /content/images/favicon.ico). We used ProcessMonitor to try to track down the issue but weren't successful.
UPDATE:
This issue is intermittent. We had a brief few minutes where everything worked without making any configuration changes. We're running on EC2, so this could be related to a distributed file system. We're also using a separate drive to store all web site data, we're not using inetpub/wwwroot.
UPDATE 2:
The site works without incident under IIS 7.5, with no configuration changes needed but this is likely due to running with the new AppPoolIdentity. Otherwise it's an identical deployment. Unfortunately we can't run R2 on this EC2 instance.
One of the ways to identifying the cause is using Procmon tool from Sysinternals
Procmon will show the reason for unable to open the file , it will also show who is holding the file.
The issue turned out to be the controller factory we were using not handling file requests properly.
Related
I had created a web application and committed the code in CVS. The web application is working good in my machine. When i tried to import the same code in another machine i am getting 404 error. I tried importing the code via ftp from my machine to another machine and also checking out the code from CVS. But still i get 404 error.
I also noticed that there is no error that had been captured in the console or in the application's log. Could someone help me in how to proceed further in identifying the issue. Please let me know if i need to post any further details regarding the issue.
I notice this issue to be in the Websphere server. I tried hosting the application in different machine and found that in few machine the same code is working good and some it is not. Is there any way to compare the server configuration?
In the WAS server 6.1 i added the below value in the web container and the application worked fine.
Steps:
In the server admin console, click on Application Server--> --> Web container--> custom properties.
Add the name as com.ibm.ws.webcontainer.invokefilterscompatibility and value as true.
Thank you all for the response.
I have a very weird issue deploying an azure cloud Service. I have 1 Web Role with 5 instances and 1 Cache Role with 2 instances.
When I deploy my MVC 5 WebRole from the Azure Portal, deploying starts on the first web instance, then it tells me that the "The role could not be started" due to an error and stops processing the other instances. I did an RDP to the failed instance and truly the MVC application throws an error that it can't find a certain view file "The layout page "..." could not be found at the following path", even though the view in the path specified does exist. So I did an iisreset and the application worked. after I manually fixed the issue the deployment continues to the next instance and the failed instance becomes "Ready".
Anyone has an idea why things don't deploy smoothly anymore or why an iisreset is necessary?
This is relatively recent, around a month.
My environment is:
.NET Framework 4.5.1
MVC 5
Azure SDK 2.4 for VS 2013
Thanks for the help.
FINALLY!! I found the issue and fixed it.
I had a Local Storage Resources to store temporary files and local file caches for certain components, and was configured to reset on role restart. One of the components (Lucene.NET for azure) was locking the files in that local storage, causing the problem on deployment that needed to to IIS reset to release the lock.
I configured the component to cache the files on Windows temp storage instead of the Local Resource and things worked out.
The situation: I have a mvc.net web page which, when called, runs a batch file on my server using System.Diagnostics.Process.Start and cmd.exe. The batch file contains a line that runs "svn.exe update myfilepath" and should therefore update the files on the server.
What's happening?
- the batch file is running, but the call to svn.exe does nothing, nor produces any error messages.
- if I run the batch file by double clicking, the svn command DOES run successfully.
I guess this is a security issue, but I'm no expert on this and I cannot make any headway.
The site is hosted on Windows Server 2008 R2 and the app pool is using the ApplicationPoolIdentity system. I have tried running the app pool as Network Service and also adding Network Service as a user that can Read/Execute to svn.exe.
Please help!
This could be proxy related. It's possible that you access the Internet via a proxy, but that the user profile for the app pool identity isn't configured like this. You may need to use a domain account that you can log on as in order to create a suitable user profile. You will also need to make sure IIS is loading the profile by ticking the appropriate option.
(Another possibility is that the working directory for the process you are starting is not set correctly to the root of your Subversion working copy. We've established this wasn't the problem in your case.)
I've been working for a client's website over the past year. I usually test things locally and then deploy straight to the production website. This has caused us some issues lately so I thought I should create a test/staging environment in which we could thoroughly test new features before pushing them into production.
Anyway, we have a VPS hosting account. I usually use remote desktop to manage the website in IIS. So in order to create a test environment, I copy pasted the folder of the production website inside the same directory (so they are both at the same level) and changed the name of the folder. Then I created a new website in IIS and mapped the physical path to the httpdocs folder inside the copied folder. After that, I setup a new application pool which basically has the same settings of the production website's application pool. I also changed the connection string of the test website.
But then when I tried to view the test website, it did not work the way I expected it to do. I keep getting &ReturnUrl=%2f appended to the query string, and the website is stripped out of its styles (the CSS). I remember this used to happen before when we were still using a shared hosting account, but I have no idea how to fix that.
I really do not know what's wrong. I basically have the same exact setup except I'm using a different port and a different database. I even tried running the test website with the application pool of the production website, but that did not work either...
Any suggestions?
looks like permission problem to me, check if your user has correct privileges in the new folder/app pool :)
I'm trying the WorkSpace.PendAdd method under Microsoft.Teamfoundation.Client namespace to add the local folder to TFS, it works normally when i debug with VS2010, but it doesn't work if it's published to IIS. I also tried giving the full control to the folder, but still no effect. Any idea will be appreciated.
Check to see what identity the web app is running under. Does that ID have appropriate rights in TFS? If you're hosting on a web server that is not also your TFS application tier, you could also be running into the two-hop limitation of passing identity.
When you're running in debug mode, it is probably picking up your credentials, and since your machine counts as hop zero, there's no problem passing them on to the TFS application tier.
I found a solution after checking the versionControl NonFatalError event.
Before the calling to workspace.PendAdd, just call:
Workstation.Current.EnsureUpdateWorkspaceInfoCache(
_versionControl,
_versionControl.AuthenticatedUser);
(for some reason it's the only way the specific file folder path will be mapped when running in IIS)