0

I have two very similar ASP Classic apps that both use Windows Authentication and run on the same development PC (Windows 7/IIS 7.5).

They've been around for years, and have 'travelled' with me as I've upgraded PCs through the years. One works fine, but the other doesn't - I can't say for sure whether it has ever worked on this particular PC, since it has been a while since I've had to work on it, but I think it has been working in the recent past.

My problem is that when I browse the site, I get the following error:

HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid
Cannot read configuration file due to insufficient permissions

The curious thing is that it claims to have insufficient privileges to access web.config - but there is no web.config!

In the application settings, if we test the connection, an error is reported:

Authorization: Application pool identity cannot access path

As far as I can tell, both applications are configured identically:

  • Both use the same Application Pool
  • The identity of the pool (a domain user) has identical permissions to the application folder (Read + Modify)
  • Both are configured for Windows Authentication

I'm stumped! Any ideas?

EDIT: Full error information:

**Detailed Error Information**
Module  IIS Web Core
Notification    BeginRequest
Handler Not yet determined
Error Code  0x80070005
Config Error    Cannot read configuration file due to insufficient permissions
Config File \\?\D:\Projects\Scope2\web.config
Requested URL   http://myserver:80/scope2/
Physical Path   D:\Projects\Scope2\
Logon Method    Not yet determined
Logon User  Not yet determined
CJM
  • 730
  • 2
  • 12
  • 28

1 Answers1

2

Best guess:

The application pool seems to be having difficulty reading a web.config file in the directory or one of its subfolders. NTFS permissions probably prevent it from doing so.

The app pool starts up as the Application Pool Identity configured in App Pool Properties. This account needs to be able to enumerate all folders within the website, to read the web.config files that live there.

IIS 7.x stores its configuration in web.config files - if any subfolder bars access to the App Pool account, you're going to have difficulties.

I think the second part of the message indicates that the current App Pool identity doesn't have read access to the folder it's naming there.

If you grant - for example - Everyone: Read to that folder it's referring to, if the error comes back, it'll probably name a different folder.

You can allow IIS_IUSRS Read access to all your website folders, but that's a fairly broad solution; what you really need to do is allow your App Pool account Read access to the entire contents of the website (and subfolders). (and only Read (never Modify or Write) unless you're a very special case (assume you're not))

Alternatively, you can set the allowSubdirConfig property at the site level to prevent searching lower-level subfolders for web.config files: http://msdn.microsoft.com/en-us/library/ms689463.aspx

TristanK
  • 8,953
  • 2
  • 27
  • 39
  • The problem is, there is no web.config file. It is an ASP Classic application. – CJM Jun 03 '11 at 10:02
  • IIS doesn't know that without looking. IIS uses web.config to manage IIS settings, not just ASP.Net settings. So you'll either need to allow access to the app pool identity so it can look for a web.config file, or set the allowSubdirConfig property to false to stop it looking. Make sense? – TristanK Jun 03 '11 at 14:12
  • It's academic - the App Pool identity has modify access from one level above the application root downwards... I've specifically re-checked the effective permissions at the application level. Furthermore, my other (near-identical) app, doesn't have the same issue. – CJM Jun 03 '11 at 20:08
  • OK - I'd be comparing the %windir%\system32\inetsrv\config\ApplicationHost.config files between machines. – TristanK Jun 04 '11 at 09:54
  • OK - I'm away on business for a week, but will check this when I get back. – CJM Jun 04 '11 at 21:09