I'm trying to get a site working on IIS7 with classic ASP and having problems. I've created a directory and added both Network Service and IIS_IUSRS with full control. I've also changed the anonymous authentication to the application pool identity, but still no joy. I really have no idea what to try next.
Have you made sure that Classic ASP is installed? It's an extra option which can be here: Control Panel/Programs/Windows Features/Internet Information Services/Www services/Application Development Features/ASP.
Related
I have spent 12 hours on this, tried everything that I have read about, but I cannot get a new server farm we have,the website to write to a shared folder.
I have set the application pools, even temporarily (just to try it out) to admin accounts and even set the folder to be available for "everyone".
We have a network specialist who cannot figure it out either, in his favour he does not understand IIS very well and keeps away from it, but at the end of the day, its just a User account and permissions as far as I can see and I have set up the exact same website on a previous W2012 server and IIS 8.5, 7.5 and 6 without major issues (abeit registering 32bit DLLs in a 64bit environment) but all that has gone well and no issue (except for reading and writing to a shared folder).
SO breaking it down to its simplest form, I used a simple FSO script to write a text file in the shared folder, this clearly came back with "Permission denied line X".
Running the script through cscript as a VBS file, it works, running it through IIS. No chance.
Im not going to give up, but running as the top admin login (I had the network guy use HIS identity in the application pool) its not happening.
32bit has been enabled, yes, folder permissions set, yes.
Im at my wits end with the thing. Anything to suggest, I would be happy to listen and try.
Thanks all.
Update: I can write to the same MACHINE as IIS, any folder as long as I set the appropriate permissions. The difference between from this shared folder (I am working on a server farm, I forgot to mention that) is - when you do the security, locations "IIS AppPool\poolidentity" to add the user, it works on the same server, when I try to add that user on the shared folder on the networked server, that user does not appear - does this give any clues?
Ok - for me, after all the right things that I had done, was something I had not tried.
Select the site in IIS, so you sell all the icons for ASP, Authentication, Autohorization Rules, CGI etc.. - select the Authentication and Open Feature
You will see Anonymous Authentication (Enabled), ASP.NET Impersonation (Disabled), Basic Authentication (Disabled) and so on.
Select the Anonymous Authentication, right click Edit - by default it was set to "Specific User" IUSR - now for me, that did not work - so clicked on Application Pool Identity and boom, now its working.
Hope that helps someone else.
I am supporting a classic asp application developed by another developer. This application will be public facing. Before making it public our network team ran a Security Scan and found some issues. One of the issue mentioned by them is as follows:
Fix Microsoft IIS ISAPI Extension Enumerate Root Web Server Directory Vulnerability
and they provided following steps to resolve this:
You can configure IIS 7 to check for the existence of a file before returning an error message.
Go to Handler Mappings
For all enabled IISAPI mappings, Edit ->
Request Restrictions -> Check 'Invoke handler only if request is
mapped to: File'
Disable all unused mappings.
This will address the
following issue: Microsoft IIS ISAPI Extension Enumerate Root Web
Server Directory Vulnerability (HTTP-IIS- 0013).
I am not familiar with Classic ASP but I checked Handler mapping and tried the steps mentioned above. Following are my questions:
Is there an easy way to identify handlers which are not being used?
there are 50+ handlers do I need to click each one of those to invoke handler only if request is mapped to: File
Can this all be handled from Web.config?
Instead of changing the mappings you should be able to turn off detailed error messages for remote users.
In IIS manager select your website, click on error pages, edit feature settings, choose detailed errors for local requests and custom error pages for remote requests.
I have Visual Studio 2013 and a pretty basic MVC web application.
When I am connected to my work network (hard wire or VPN) I can open up VS without issue. However when not connected to my work network I get the following error:
---------------------------
Microsoft Visual Studio
---------------------------
Creation of the virtual directory http://localhost:54156/ failed with the error: Unable to access the IIS metabase. You do not have sufficient privilege to access IIS web sites on your machine.
---------------------------
OK
---------------------------
I've tried granting my user rights to IIS via the aspnet_regiis -ga mydomain\myuser and that did not help.
I am certainly running VS as an administrator. It works just fine when connected to the network. Our security and server teams do not seem to understand why this would behave this way.
Is this IIS Express? I (and those I work with) often get a similar error due to the domain login script encrypting My Documents. It's fixed by simply decrypting
Documents\IISExpress\config\applicationhost.config
Not sure if that's the issue here though;
Ultimately I believe this to be an issue between our network policies and the IIS and .NET installs.
When I was off network it could not access the cached user folders. Switching from having the home drives on network to having them local did not fix the issue (assuming some files were still referencing the network location).
I had my system refreshed and started with my user folders as local and have not had the issue since.
I know it's an old question, but at my location the user profile is stored on the network. When I checked to see if the IISExpress application was encrypted as Chad Schouggins suggested, I didn't even have a documents folder. Ultimately, the answer was really simple:
turn the machine off and back on again.
hi i am comletly new to iis and asp.net i am trying to setup bugNET on a godaddy server. i created a virtual directory and once i tried to launch the site i get this error:
Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
here is complete detail of what i did.
hosting: godaddy
created virtual directory (child folder of root) - named: devbunk with these settings (anonymous access, directory browsing)
that is all i can do to with iis on godaddy.
the error tells me that i need to turn the virtual directory as an application. godaddy doesnt let me do that... how do i do it? btw, i have iis7 setup.
You can configure this with Godaddy Hosting Control Center. log in to godaddy hosting center.
Go to Content >> IIS Management.
Click on the pencil icon to edit your selected directory.
you will get a popped up screen with three check boxes. You need to check the one that says "Set Application Root".
Click Ok and your directory will be configured as an application in IIS.
Hope this helps you and feel free to ping me if you need more info.
You need godaddy to do that, usually hosters do offer the ability to convert a regular folder as an application through their Control Panel, so if you have access to one search for that option. Other hosters give access through IIS Manager and Web Deploy to convert folders to applications as well, but it boils down to "you need your hoster to do that".
There are no ways for you to do that through Web.config or FTP or etc. I think Front Page Server Extensions did had a way as well. The best thing is contact your hoster and ask them what is the right way of doing this. Usually all hosters will allow you to create as many applications as you need as long as they run the same .net version.
Check the properties on Web.Config to ensure "Copy to Output Directory" is set to "Do not copy"
I have deployed a web site to a Win 2008 Web server with IIS7. The site works fine on a Win 2003 Standard server with IIS6. On the 2008 box, whenever I request a page (htm or aspx) from a folder named Reports, I get challenged with the Windows Authentication dialog box.
I have Anonymous Authentication and Forms Authentication enabled on the site. I applied Full Control permissions to the root of the site for both NETWORK SERVICE and IIS_IUSRS, but that hasn't make a difference.
Like a previous post already mentioned, here are the detailed steps to fix this:)
If there is a folder in the application named "Reports" and SQL Server Reporting Services are installedon the server, then Reporting Services Virtual Directory folder that is also named "Reports" will be in conflict with the application "Reports" folder.
To fix this open Reporting Services Configuration Manager (Start->All Programs->MS SQL Server->Configuraton Tools) and change the Virtual Directory under the "Report Manager URL" in the menu on the left.
Did you install MSSQL Reporting Services on your new machine? It'll use the Reports folder for the reporting toolkit (default setting) and under MSSQL 2008 you can't enable anonymous Access out of the box.
whats is the authentication mode in your web.config, verify that is not in Windows
<authentication mode="Windows" />
also be sure to disable integrated windows authentication in iis
You could try running FileMon from SysInternals to see if it is the file system that is sending back the "access denied".
Quote from another forum that solved this issue for me:
"SQL Server Reporting Services creates a folder called Reports by default if you install it on IIS. If you install SQL 2008 then Reporting Services doesn't need to use IIS and instead will try to reserve the URL with the HTTP.Sys service.
I believe this is the cause of the conflict you are seeing. What you could try is changing the URL that Reporting Services uses via the SQL Server Reporting Services Configuration Manager."
Well speaking on the same subject here, yesterday I was deploying my application on Windows Server 2008 running IIS7 w/MSSQL 2008 on there too. In my website's tree structure I had a folder named Reports that had a subfolder in it, and then the actual pages. It looked like this "Reports/SalaryReports/SalaryReport.aspx" The interesting thing was that when I clicked on a hyperlink to go to "Reports/SalaryReports/SalaryReport.aspx" I got a username/password prompt from my server. This did not happen on the VS development server when I ran the application on the development machine. So I was like hmm? I looked at the code-behind in SalaryReport.aspx and did not find anything unusual. So then I put a Default.aspx directly in the Reports folder (thinking maybe it was something wrong with the authentication going two nodes down from the root to get to SalaryReport.aspx) but the server still requested username/password even though there was no security settings applied to this new Default.aspx. So I figured it must be that the folder is named "Reports", so I renamed it to "Reports1" and bigno! Everything worked!....I will still look further in this issue today, but it seems that either an IIS 7 HttpModule (not one of mine) is trying to "reserve" the folder that is named "Reports" for itself or something else...I'll look into the SQL Server Reporting services as the above post mentioned...
Anyways, just wanted to share:)
I'm supposing you don't have a SQL Reporting Services running on the same server:
1 - Give rights to user "IUSR" and the user that's running your application pool.
2 - Overwrite child folder permissions and ownership.
2 - Check if there's a web.config file on that folder setting different access rules.