Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

PRB: Security Toolkit Breaks ASP.NET Debugging in Visual Studio .NET


View products that this article applies to.

Symptoms

When you debug ASP.NET programs in Visual Studio .NET after you install the Microsoft Security Toolkit, you receive the following error message:
Error while trying to run project: Unable to start debugging on the web server. The project is not configured to be debugged.

For ASP.NET projects, verify that you have a valid project file called 'Web.config' for the URL specified and 'debug' is set to 'true' in that file.
For ATL Server projects, verify that the 'DEBUG' verb is associated with your ISAPI extension.
Would you like to disable future attempts to debug ASP.NET pages for this project?

↑ Back to the top


Cause

The Microsoft Security Toolkit locks down the server so that it only permits certain verbs to be passed through to Microsoft Internet Information Services (IIS). The verb "debug" is not added to the list of approved verbs.

↑ Back to the top


Resolution

To resolve this problem, locate the Urlscan.ini file in the WinNT\System32\Inetsrv\Urlscan folder. Under the [AllowVerbs] section of Urlscan.ini, add "debug" verbs to the list of approved verbs. Note that adding verbs to the [AllowVerbs] section of Urlscan.ini may lead to possible security compromises, you must also run "iisreset" to clear the cache.

If you do not want to allow the "debug" verb, you can manually attach to the Aspnet_wp.exe (or W3wp.exe, for applications that run on Internet Information Services [IIS] 6.0 ) process to debug in Visual Studio .NET.

↑ Back to the top


References

For more information about the Microsoft Security Toolkit, see the following Microsoft Web site:
Microsoft Security Tool Kit: Guides, Updates, and Tools
http://technet.microsoft.com/en-us/security/cc297183.aspx

For more information about the UrlScan Security Tool, see the following Microsoft Web site:

↑ Back to the top


Keywords: kbsecurity, kberrmsg, kbprb, kbreadme, kbsectools, kbdebug, KB310588

↑ Back to the top

Article Info
Article ID : 310588
Revision : 14
Created on : 3/22/2007
Published on : 3/22/2007
Exists online : False
Views : 679