PRB: "Access denied" Error Message When You Run an ASP.NET 1.0 Application in IIS 6.0

View products that this article applies to.

Symptoms

When you run an ASP.NET Web Application project on a computer running Windows Server 2003 with the .NET Framework 1.0 installed, and the Internet Information Services (IIS) 6.0 is running in IIS 5.0 isolation mode, you may receive the following error message if you do not grant the seImpersonatePrivilege function to the ASPNET account:

System.Web.HttpException: Access denied to 'd:\inetpub\wwwroot\ImpersonateTest\WebForm1.aspx'. Failed to start monitoring file changes.

↑ Back to the top

Resolution

To resolve this problem, grant the seImpersonatePrivilege to your ASPNET account. To do so, follow these steps:

Click Start, point to Settings, and then click Control Panel.
Double-click Administrative Tools.
Double-click Local Security Policy. Under Local Policies, click User Rights Assignment.
In the details pane, double-click Impersonate a client after authentication.
Click Add, and then assign the permission to the local account that you name ASPNET.
Open a command prompt, and then type iisreset.

↑ Back to the top

Status

This behavior is by design.

↑ Back to the top

More information

Steps to Reproduce the Behavior

Create an ASP.NET Web Application Project

In Microsoft Visual Studio .NET, use Microsoft Visual Basic .NET or Microsoft Visual C# .NET to create a new ASP.NET Web Application project. By default, WebForm1.aspx is created. Name the project ImpersonateTest.

Double-click Design View of WebForm1.aspx, and then replace the code that exists in the code-behind page with the following code:

Visual C# .NET Code

using System;
using System.IO;

namespace ImpersonateTest
{
	/// <summary>
	/// Summary description for WebForm2.
	/// </summary>
	public class WebForm1 : System.Web.UI.Page
	{
		string file_name = "C:\\TestFolder\\MyFile.txt";
		private void Page_Load(object sender, System.EventArgs e)
		{
         if (!File.Exists(file_name)) 
         {        
            Response.Write("File not found ");
            return;
         }
         StreamReader sr = File.OpenText(file_name);
         String input;
         while ((input=sr.ReadLine())!=null) 
         {        
            Response.Write(input);
         }
         sr.Close();
       
		}

		#region Web Form Designer generated code
		override protected void OnInit(EventArgs e)
		{
			//
			// CODEGEN: This call is required by the ASP.NET Web Form Designer.
			//
			InitializeComponent();
			base.OnInit(e);
		}
		
		/// <summary>
		/// Required method for Designer support - do not modify
		/// the contents of this method with the code editor.
		/// </summary>
		private void InitializeComponent()
		{    
			this.Load += new System.EventHandler(this.Page_Load);
		}
		#endregion
	}
}

Visual Basic .NET Code

Imports System.IO
Imports System

Public Class WebForm1
   Inherits System.Web.UI.Page

#Region " Web Form Designer Generated Code "

   'This call is required by the Web Form Designer.
   <System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()

   End Sub

   Private Sub Page_Init(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Init
      'CODEGEN: This method call is required by the Web Form Designer
      'Do not modify it using the code editor.
      InitializeComponent()
   End Sub

#End Region
   Dim file_name As String = "C:\TestFolder\MyFile.txt"
   Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load

      If Not File.Exists(file_name) Then

         Response.Write("File not found ")
         Return

      End If

      Dim sr As StreamReader = File.OpenText(file_name)
      Dim input As String
      input = sr.ReadLine()
      While Not input Is Nothing
         Response.Write(input)
         input = sr.ReadLine()
      End While
      sr.Close()   
   End Sub
End Class

On the Build menu, click BuildSolution.
Create a folder named TestFolder.
Open Microsoft Notepad, create a text file, and then save the file as MyFile.txt in the following location: C:\TestFolder\.

Create a User Account

Click Start, point to All Programs, point to Administrative Tools, and then click Computer Management.
In Computer Management, expand System Tools, and then expand Local Users and Groups.
Right-click Users, and then click New User.
In the User Name text box, type ImpersonateUser. In the Password and in the Confirm Password text boxes, type the word, password. Click to clear the User must change password at next logon check box.
Click Create, and then click Close.

Add a User Account to the IIS_WPG Group

Click Start, point to All Programs, point to Administrative Tools, and then click Computer Management.
In Computer Management, expand System Tools, expand Local Users and Groups, and then click Groups.
Double-click IIS_WPG .
In the IIS_WPG Properties dialog box, click Add to add the ImpersonateUser user to the IIS_WPG Users group.
In the Select Users or Groups dialog box, type ServerName\ImpersonateUser in the textbox, click OK, and then click OK again.

Set Access Permissions to the Folder

In Windows Explorer, locate TestFolder.
Right-click TestFolder, and then click Properties.
On the Security tab, click Add.
Type ServerName\ImpersonateUser\, and then click OK.
Allow the following permissions for the ImpersonateAccount:
- Read & Execute
- List Folder Contents
- Read
Click OK.

Enable Impersonation for the Application

Open the Web.config file.

Add an <identify> section in the <system.web> tag section as follows:

<identity impersonate="true" 
          userName="servername\ImpersonateUser"
          password="password"/>

Save the Web.config file, and then close it.

Test the Application

Type the following URL in the browser:
http://localhost/ImpersonateTest/WebForm1.aspx
You receive the error message mentioned in the "Symptoms" section.

↑ Back to the top