Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

PRB: "Access denied" Error Message When You Run an ASP.NET 1.0 Application in IIS 6.0


View products that this article applies to.

Symptoms

When you run an ASP.NET Web Application project on a computer running Windows Server 2003 with the .NET Framework 1.0 installed, and the Internet Information Services (IIS) 6.0 is running in IIS 5.0 isolation mode, you may receive the following error message if you do not grant the seImpersonatePrivilege function to the ASPNET account:
System.Web.HttpException: Access denied to 'd:\inetpub\wwwroot\ImpersonateTest\WebForm1.aspx'. Failed to start monitoring file changes.

↑ Back to the top


Resolution

To resolve this problem, grant the seImpersonatePrivilege to your ASPNET account. To do so, follow these steps:
  1. Click Start, point to Settings, and then click Control Panel.
  2. Double-click Administrative Tools.
  3. Double-click Local Security Policy. Under Local Policies, click User Rights Assignment.
  4. In the details pane, double-click Impersonate a client after authentication.
  5. Click Add, and then assign the permission to the local account that you name ASPNET.
  6. Open a command prompt, and then type iisreset.

↑ Back to the top


Status

This behavior is by design.

↑ Back to the top


More information

Steps to Reproduce the Behavior

Create an ASP.NET Web Application Project

  1. In Microsoft Visual Studio .NET, use Microsoft Visual Basic .NET or Microsoft Visual C# .NET to create a new ASP.NET Web Application project. By default, WebForm1.aspx is created. Name the project ImpersonateTest.
  2. Double-click Design View of WebForm1.aspx, and then replace the code that exists in the code-behind page with the following code:

    Visual C# .NET Code
    using System;
    using System.IO;
    
    namespace ImpersonateTest
    {
    	/// <summary>
    	/// Summary description for WebForm2.
    	/// </summary>
    	public class WebForm1 : System.Web.UI.Page
    	{
    		string file_name = "C:\\TestFolder\\MyFile.txt";
    		private void Page_Load(object sender, System.EventArgs e)
    		{
             if (!File.Exists(file_name)) 
             {        
                Response.Write("File not found ");
                return;
             }
             StreamReader sr = File.OpenText(file_name);
             String input;
             while ((input=sr.ReadLine())!=null) 
             {        
                Response.Write(input);
             }
             sr.Close();
           
    		}
    
    		#region Web Form Designer generated code
    		override protected void OnInit(EventArgs e)
    		{
    			//
    			// CODEGEN: This call is required by the ASP.NET Web Form Designer.
    			//
    			InitializeComponent();
    			base.OnInit(e);
    		}
    		
    		/// <summary>
    		/// Required method for Designer support - do not modify
    		/// the contents of this method with the code editor.
    		/// </summary>
    		private void InitializeComponent()
    		{    
    			this.Load += new System.EventHandler(this.Page_Load);
    		}
    		#endregion
    	}
    }
    
    Visual Basic .NET Code
    Imports System.IO
    Imports System
    
    Public Class WebForm1
       Inherits System.Web.UI.Page
    
    #Region " Web Form Designer Generated Code "
    
       'This call is required by the Web Form Designer.
       <System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()
    
       End Sub
    
       Private Sub Page_Init(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Init
          'CODEGEN: This method call is required by the Web Form Designer
          'Do not modify it using the code editor.
          InitializeComponent()
       End Sub
    
    #End Region
       Dim file_name As String = "C:\TestFolder\MyFile.txt"
       Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
    
          If Not File.Exists(file_name) Then
    
             Response.Write("File not found ")
             Return
    
          End If
    
          Dim sr As StreamReader = File.OpenText(file_name)
          Dim input As String
          input = sr.ReadLine()
          While Not input Is Nothing
             Response.Write(input)
             input = sr.ReadLine()
          End While
          sr.Close()   
       End Sub
    End Class
    
  3. On the Build menu, click BuildSolution.
  4. Create a folder named TestFolder.
  5. Open Microsoft Notepad, create a text file, and then save the file as MyFile.txt in the following location: C:\TestFolder\.

Create a User Account

  1. Click Start, point to All Programs, point to Administrative Tools, and then click Computer Management.
  2. In Computer Management, expand System Tools, and then expand Local Users and Groups.
  3. Right-click Users, and then click New User.
  4. In the User Name text box, type ImpersonateUser. In the Password and in the Confirm Password text boxes, type the word, password. Click to clear the User must change password at next logon check box.
  5. Click Create, and then click Close.

Add a User Account to the IIS_WPG Group

  1. Click Start, point to All Programs, point to Administrative Tools, and then click Computer Management.
  2. In Computer Management, expand System Tools, expand Local Users and Groups, and then click Groups.
  3. Double-click IIS_WPG .
  4. In the IIS_WPG Properties dialog box, click Add to add the ImpersonateUser user to the IIS_WPG Users group.
  5. In the Select Users or Groups dialog box, type ServerName\ImpersonateUser in the textbox, click OK, and then click OK again.

Set Access Permissions to the Folder

  1. In Windows Explorer, locate TestFolder.
  2. Right-click TestFolder, and then click Properties.
  3. On the Security tab, click Add.
  4. Type ServerName\ImpersonateUser\, and then click OK.
    Allow the following permissions for the ImpersonateAccount:
    • Read & Execute
    • List Folder Contents
    • Read
  5. Click OK.

Enable Impersonation for the Application

  1. Open the Web.config file.
  2. Add an <identify> section in the <system.web> tag section as follows:
    <identity impersonate="true" 
              userName="servername\ImpersonateUser"
              password="password"/>
    
  3. Save the Web.config file, and then close it.

Test the Application

  1. Type the following URL in the browser:
    http://localhost/ImpersonateTest/WebForm1.aspx
  2. You receive the error message mentioned in the "Symptoms" section.

↑ Back to the top


References

For more information about ASP.NET Impersonation, visit the following Microsoft Developer Network Web site:

↑ Back to the top


Keywords: KB817033, kbprb, kbconfig, kbweb, kbwebforms, kbsecurity

↑ Back to the top

Article Info
Article ID : 817033
Revision : 12
Created on : 12/3/2007
Published on : 12/3/2007
Exists online : False
Views : 455