Is there some how-to to make asp.net 2.0 web projects run on network share (storing web site files on network share).
I constantly getting Server Application Unavailable.
In event viewer I two errors.
First: Failed to execute request because the App-Domain could not be created. Error: 0x80070005 Access is denied.
Second: Failed to initialize the AppDomain:/LM/W3SVC/1121149571/Root
Exception: System.IO.FileLoadException
Message: Could not load file or assembly 'System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. Access is denied.
StackTrace: at System.Reflection.Assembly.nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, Assembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection)
at System.Reflection.Assembly.InternalLoad(AssemblyName assemblyRef, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection)
at System.Reflection.Assembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection)
at System.Activator.CreateInstance(String assemblyName, String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityInfo, StackCrawlMark& stackMark)
at System.Activator.CreateInstance(String assemblyName, String typeName)
at System.AppDomain.CreateInstance(String assemblyName, String typeName)
at System.AppDomain.CreateInstance(String assemblyName, String typeName)
at System.Web.Hosting.ApplicationManager.CreateAppDomainWithHostingEnvironment(String appId, IApplicationHost appHost, HostingEnvironmentParameters hostingParameters)
at System.Web.Hosting.ApplicationManager.CreateAppDomainWithHostingEnvironmentAndReportErrors(String appId, IApplicationHost appHost, HostingEnvironmentParameters hostingParameters)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I understand, that it is security problem. But website is running under domain account, which has access to folder, identity impersonate set to true. This always worked fine to asp.net 1 projects, but for framework 2 does not.
PLEASE, HELP...I'm out of ideas.
It is UNC path (DFS).
No, local ASP.NET process account does not have access? Should I give it? <identity impersonate> does not work any more on .net 2.0?
The application pool runs under its own identity, and is the account that needs access. I believe Server 2003 SP1 tightend some security on impersonated access, though for the life of me I can't find a KB article or reference to that effect. Many organizations
will set the app pool identity to a domain account for this type of access, the normal NETWORK SERVICE identity is a local account. Creating a domain account for this and adding it to the local IIS_WPG group makes connections between systems easier.
Started website's application pool under domain account, added domain account to IIS_PWG.
Error changed to another one:
Security Exception
Description:
The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Source Error:
An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of the
exception can be identified using the exception stack trace below.
Stack Trace:
[SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.] System.Reflection.Assembly.GetType(String name, Boolean throwOnError, Boolean ignoreCase) +0 System.Web.UI.TemplateParser.GetType(String typeName, Boolean ignoreCase, Boolean throwOnError) +270 System.Web.UI.TemplateParser.ProcessInheritsAttribute(String baseTypeName, String codeFileBaseTypeName, String src, Assembly assembly) +163 System.Web.UI.TemplateParser.PostProcessMainDirectiveAttributes(IDictionary parseData) +192
I figured it out. It was a trust issue. I fixed the problem (for now) by adding a new code group to the Machine Runtime Security Policy. This blog post helped me:
Go to:
.Net Framework 2.0 Configuration
My Computer
Runtime Security Policy
Machine
Code Groups
All_Code
Right-click All_Code and select "New..."
Give it some name and click Next.
For the condition, choose "URL" and enter "\\<server>\<share>\*" for the URL. Click Next.
Select the "Full Trust" Permission Set. Click Next then Finish.
As the article I link to notes, it's better to use strongly named assemblies and do your trust that way. I'll get there, but this solved it in the meantime.
Note, mscorcfg.msc is not in the .NET 2.0 redistributable (as it had bin in 1.x). You need to install the SDK.
I think, this is the second step of solution, but by default installation mscorcfg.msc is not installed for .Net Framework 2.0 configuration. They says that this snap-in comes with SDK. I'll confirm if it will help, when my administrator will install it on
my server.
DrewTheRat
I figured it out. It was a trust issue. I fixed the problem (for now) by adding a new code group to the Machine Runtime Security Policy. This blog post helped me:
Go to:
.Net Framework 2.0 Configuration
My Computer
Runtime Security Policy
Machine
Code Groups
All_Code
Right-click All_Code and select "New..."
Give it some name and click Next.
For the condition, choose "URL" and enter "\\<server>\<share>\*" for the URL. Click Next.
Select the "Full Trust" Permission Set. Click Next then Finish.
As the article I link to notes, it's better to use strongly named assemblies and do your trust that way. I'll get there, but this solved it in the meantime.
Note, mscorcfg.msc is not in the .NET 2.0 redistributable (as it had bin in 1.x). You need to install the SDK.
sergey_okhot...
Member
97 Points
29 Posts
ASP.NET 2.0 on network share
May 18, 2006 07:17 AM|LINK
I constantly getting Server Application Unavailable.
In event viewer I two errors.
First: Failed to execute request because the App-Domain could not be created. Error: 0x80070005 Access is denied.
Second: Failed to initialize the AppDomain:/LM/W3SVC/1121149571/Root
Exception: System.IO.FileLoadException
Message: Could not load file or assembly 'System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. Access is denied.
StackTrace: at System.Reflection.Assembly.nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, Assembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection)
at System.Reflection.Assembly.InternalLoad(AssemblyName assemblyRef, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection)
at System.Reflection.Assembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection)
at System.Activator.CreateInstance(String assemblyName, String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityInfo, StackCrawlMark& stackMark)
at System.Activator.CreateInstance(String assemblyName, String typeName)
at System.AppDomain.CreateInstance(String assemblyName, String typeName)
at System.AppDomain.CreateInstance(String assemblyName, String typeName)
at System.Web.Hosting.ApplicationManager.CreateAppDomainWithHostingEnvironment(String appId, IApplicationHost appHost, HostingEnvironmentParameters hostingParameters)
at System.Web.Hosting.ApplicationManager.CreateAppDomainWithHostingEnvironmentAndReportErrors(String appId, IApplicationHost appHost, HostingEnvironmentParameters hostingParameters)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I understand, that it is security problem. But website is running under domain account, which has access to folder, identity impersonate set to true. This always worked fine to asp.net 1 projects, but for framework 2 does not.
PLEASE, HELP...I'm out of ideas.
jeff@zina.co...
All-Star
87677 Points
11637 Posts
Moderator
Re: ASP.NET 2.0 on network share
May 18, 2006 07:41 PM|LINK
UNC path or shared drive? ASP.NET process acoount has access?
Jeff
sergey_okhot...
Member
97 Points
29 Posts
Re: ASP.NET 2.0 on network share
May 19, 2006 09:35 AM|LINK
No, local ASP.NET process account does not have access? Should I give it? <identity impersonate> does not work any more on .net 2.0?
jeff@zina.co...
All-Star
87677 Points
11637 Posts
Moderator
Re: ASP.NET 2.0 on network share
May 19, 2006 01:55 PM|LINK
The application pool runs under its own identity, and is the account that needs access. I believe Server 2003 SP1 tightend some security on impersonated access, though for the life of me I can't find a KB article or reference to that effect. Many organizations will set the app pool identity to a domain account for this type of access, the normal NETWORK SERVICE identity is a local account. Creating a domain account for this and adding it to the local IIS_WPG group makes connections between systems easier.
Jeff
sergey_okhot...
Member
97 Points
29 Posts
Re: ASP.NET 2.0 on network share
May 22, 2006 09:27 AM|LINK
Error changed to another one:
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Source Error:
Stack Trace:
jeff@zina.co...
All-Star
87677 Points
11637 Posts
Moderator
Re: ASP.NET 2.0 on network share
May 22, 2006 11:02 AM|LINK
Did you look at the trust levels?
Jeff
DrewTheRat
Member
25 Points
7 Posts
Re: ASP.NET 2.0 on network share
May 22, 2006 08:37 PM|LINK
You are not alone. I'm getting this same error....
I created the user, made it the Application Pool user, added it to IIS_IPG.
I confirmed it has permission to the share.
I ran aspnet_regiis -ga <user> with the user.
I configured the virtual directory in IIS to use the share.
I tried impersonating the user in my web.config.
I'm at a loss.
"That's AC current for ya!"
DrewTheRat
Member
25 Points
7 Posts
Re: ASP.NET 2.0 on network share
May 22, 2006 09:49 PM|LINK
I figured it out. It was a trust issue. I fixed the problem (for now) by adding a new code group to the Machine Runtime Security Policy. This blog post helped me:
http://blogs.msdn.com/shawnfa/archive/2003/06/20/57023.aspx
Here are the steps I used:
.Net Framework 2.0 Configuration
My Computer
Runtime Security Policy
Machine
Code Groups
All_Code
As the article I link to notes, it's better to use strongly named assemblies and do your trust that way. I'll get there, but this solved it in the meantime.
Note, mscorcfg.msc is not in the .NET 2.0 redistributable (as it had bin in 1.x). You need to install the SDK.
"That's AC current for ya!"
sergey_okhot...
Member
97 Points
29 Posts
Re: ASP.NET 2.0 on network share
May 23, 2006 09:30 AM|LINK
DrewTheRat
Member
25 Points
7 Posts
Re: ASP.NET 2.0 on network share
May 23, 2006 02:15 PM|LINK
It is definitely in the SDK. I discovered this yesterday when I tried to edit the security policy.
"That's AC current for ya!"