Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

FIX: "ConfigurationException" Error Message When Impersonated Accounts Read Configuration


View products that this article applies to.

Symptoms

If your Web server is under high memory consumption, you may receive the following error message when you browse to ASP.NET pages:
[ConfigurationException]: The XML file c:\inetpub\wwwroot\ASPNETAPP\web.config could not be loaded.
Access to the path "c:\inetpub\wwwroot\ASPNETAPP\web.config" is denied.(c:\inetpub\wwwroot\ASPNETAPP\web.config)
After you receive this error, any other users who access this application receive the error as well, even if they have sufficient permissions to read the configuration files.

↑ Back to the top


Cause

When an application is activated, ASP.NET uses the process identity to read configuration data. The configuration data is then cached and reused across subsequent requests.

However, under high memory consumption, ASP.NET may discard configuration data from the cache, which forces it to be read again when it is needed. When this occurs, ASP.NET can use the impersonated identity rather than the process identity to read the configuration data.

This problem does not occur if impersonation is not used for a given application. In that scenario, only the account in which the process is configured to run needs Read access to the configuration files.

↑ Back to the top


Resolution

To work around this problem, ensure that the accounts under which you may run code have Read (R) access to the configuration files in the application hierarchy. After you apply the Read permissions, restart Microsoft Internet Information Server (IIS).

↑ Back to the top


Status

Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article. This bug was corrected in ASP.NET (included with the .NET Framework) 1.1.

↑ Back to the top


More information

The default configuration of ASP.NET does not allow configuration files to be accessed through the Web space, regardless of Access Control Lists (ACLs) on the configuration file.

↑ Back to the top


References

For an overview on ASP.NET security, see the following Microsoft Knowledge Base article:
306590 INFO: ASP.NET Security Overview

↑ Back to the top


Properties

Retired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.

↑ Back to the top


Keywords: KB311094, kbsecurity, kbreadme, kbpending, kbconfig, kbbug, kbfix

↑ Back to the top

Article Info
Article ID : 311094
Revision : 3
Created on : 3/26/2003
Published on : 3/26/2003
Exists online : False
Views : 527