I've recently encountered an error trying to host my asp.net site with IIS. I have found a solution that many swear by.
Solution:
- Add IIS_IUSRS with Read permission on files in the folder
- Change IIS authentication method to BasicAuthentication
- refresh the website. It will work
(http://vivekthangaswamy.blogspot.com/2009/07/aspnet-website-cannot-read.html)
What do I add to my web.config file though? I've never had to edit it before. Here is its current contents:
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<connectionStrings>
<add name="DefaultConnection" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0"/>
</system.web>
</configuration>
My error is:
Config Error: Cannot read configuration file due to insufficient permissions
Config File: \?\C:\Users*****\Documents\Visual Studio2010\WebSites\PointsForTime\web.config
This question is related to
asp.net
iis-7
file-permissions
I was running a website at localhost/MyApp built and run through Visual Studio - via a Virtual Directory created by Visual Studio itself.
The "solution" for me was to delete the Virtual Directory and let Visual Studio recreate it.
The above answers were helpful, but in case this helps anyone - I had this exact problem, and it turned out that I was (windows networking) sharing the root folder that the site was being hosted from. We killed the share, and added the Users permission to read/execute and it worked again just fine.
I suspect the share messed it up.
I have solved this by adding read permission to folder for application pool user (WIN SERVER 2008 R2): C:\Windows\System32\inetsrv\config
A little background: Our server has been hacked using classical error where app user had more permissions that it should (local admin).
To fix it we created new domain user that had only permissions on application folder, with min needed rights and assigned it as application pool user. than we hit in the issue and this was solution to our problems.
Changing the Process Model Identity to LocalSystem fixed this issue for me. You can find this setting if you right click on the application pool and chose "Advanced Settings". I'm running IIS 7.5.
I had what appeared to be the same permissions issue on the web.config
file.
However, my problem was caused by IIS failing to load the config file because it contained URL rewrite rules and I hadn't installed the IIS URL rewrite module on the new server.
Solution: Install the rewrite module.
Hope that saves somebody a few hours.
I had the same problem when I tried to share the site root folder with another user. Some folder lost the permission. So I followed the steps to add permission to IIS_IUSRS group as suggested by Afshin Gh. The problem is this group was not available for me. I am using windows 7.
What I did I just changed some steps:
That worked for me.
We had a website running with a specific identity in the apppool, only after giving that user read access to the folder containing the web.config would it work. We tracked this down after adding the 'everyone' user with read and everything worked fine.
I needed to add permissions to IUSR (in addition to ISS-IUSRS, as others have suggested). (See also: http://codeasp.net/blogs/raghav_khunger/microsoft-net/2099/iis-7-5-windows-7-http-error-401-3-unauthorized)
I had the same issue and after doing all the stuff written here as answers, it still reproduced. The second half of the issue was the fact that .NET was turned off under "Turn Windows features on or off"
Make the file accessible to the IIS_IUSRS group. Right click your web.config, expand properties, and under security tab, add IIS_IUSRS. Give the group read/write access.
When the group is NOT available, replace IIS_IUSRS by ComputerName\IIS_IUSRS
I had this same issue and none of these solutions worked for me. I kept getting the same error and one about "Failed to start monitoring changes" in the event viewer.
The only thing that worked was to copy the folder and rename it back. It must have been a corrupted folder in Windows that IIS/ASP.NET could not access.
Shift your project to some drive other than C: Worked for me with the same error.
For me the error turned up during Debugging on my local machine and turned out to be related to the base web.config, which is initiated by the .NET Framework when compiling the website. My C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config file had an unrecognized element (folderLevelBuildProviders). Fixing this fixed the 500.19 error.
See this: IIS Manager can't configure .NET Compilation on .NET 4 Applications
I gave permission and used ICACLS.exe but didn't work. Then I changed the physical path and it worked successfully.
(IIS 8.5 windows 2012 R2)
Had this issue with a Virtual Application. All the permissions were set. IIS_IUSRS, AppPoolIdentity and then gave full access to Everyone. Nothing worked. Restarted apppool, site and IIS but No go.
Deleted the virtual application and added it again from scratch and it started working.
Wish I knew what solved it.
All answers given are valid and working under different circumstances.
For me, restarting Visual Studio worked.
I had this error message that turned out to be due to my physical folder being located on a network drive as opposed to the local drive. It seems the permissions on such drives by default can be different. For example, while the local drive location gave permission to the users of the local computer, the network location did not.
Further, the accepted answer does not work for such a case. The local users or IIS users were not an available to assign permissions to. The solution was to move the physical folder to the local drive.
Instead of giving access to all IIS users like IIS_IUSRS
you can also give access only to the Application Pool Identity using the site. This is the recommended approach by Microsoft and more information can be found here:
https://support.microsoft.com/en-za/help/4466942/understanding-identities-in-iis
https://docs.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities
Fix:
Start by looking at Config File parameter above to determine the location that needs access. The entire publish
folder in this case needs access. Right click on the folder and select properties and then the Security tab.
Click on Edit...
and then Add...
.
Now look at Internet Information Services (IIS) Manager and Application Pools:
In my case my site runs under LocalTest Application Pool and then I enter the name IIS AppPool\LocalTest
Press Check Names
and the user should be found.
Give the user the needed access (Default: Read & Execute, List folder contents and Read) and everything should work.
Sometimes if it is a new server you need to configure or install ASP.NET feature on IIS for it to be able to read your web.config file.
In my case this was the reason.
This can happen if your application is in a virtual directory and the path to the files is a mapped drive.
If you change the path to the files to a local drive, this will solve it, if that indeed is your problem.
I was receiving the "Cannot read configuration file due to insufficient permissions" as well. Turns out the ISAPI and CGI Restrictions in IIS for both ASP.NET 4.0 32bit and 64bit was set to deny. Marking them both to Allowed fixed my problem.
If you are the one like me who cannot find IIS_USR to give access to the config file, just give permissions to ‘Everyone’ at the root folder
When you grant permissions to IIS_IUSRS you should check that in the IIS/Authentication section of your Web Application, the Anonymous Authentication Credentials uses Application Pool Identity and not IUSR.
I had this issue running on Windows 10 with the App Pool using a microsoftaccount\[email protected] account (e.g., signing in to the PC with a Microsoft Account instead of local account).
Apparently on my computer something got corrupted; removing IIS and re-adding it did nothing (because it seems the IIS metabase was not removed). Deleting and recreating the app pool didn't help either.
My solution was just to create a new App Pool with the same settings but a different name. This fixed the issue for me; apparently something got corrupted with the apppool which even deleting it and re-adding it with the same name would not fix.
and click on edit permission.
Go to security.
click on edit button.
click add button. type COMPUTER_NAME\IIS_USERS
or
click advance.
click find now button.
and there is option to choose. choose IIS_USERS and click ok...ok....ok .
Right click Web.Config => Tab Security => Button Edit => Button Add => Button Advanced => Button Find Now = > In Search results select your group(in our case " IIS_IUSRS") => Ok => Ok=> Ok
For some reason your web.config is set as read only. Uncheck the readonly option of web.config file.
Go to the parent folder, right-click and select Properties. Select the Security tab, edit the permissions and Add. Click on Advanced and the Find Now. Select IIS_IUSRS and click OK and OK again. Make sure you have check Write. Click OK and OK again.
Job done!
The accepted solution didn't for me. I use a Git repo and it cloned to the following folder
c:\users\myusername\source\repos\myWebSite
I made new IIS website and pointed it at the path. Which didn't have the iis_iusrs permissions suggested in the accepted solution. When I added the permissions it still didn't work.
It only started working when I gave the following permissions to the 'Users' group and inheritance cascaded the permissions to web.config. Probably should have applied it just to the web.config to reduce attack surface area.
In my case, I was trying to host pages from a mapped drive (subst). The issue is that the subst was run under my account and the IIS user is not able to see the same drive
Certainly, this is an issue with permissions. I took following steps and it worked for me.
I used subst to create a mapping from D: to C: in order to keep the same setup as other developers in the team. This also gave me same errors as described. Removing this fixed it for me.
Editor's note: Doing what this answer says is DANGEROUS! The LocalSystem account is a ...
Completely trusted account, more so than the administrator account. There is nothing on a single box that this account cannot do, and it has the right to access the network as the machine (this requires Active Directory and granting the machine account permissions to something)
Changing the Identity from ApplicationPoolIdentity to LocalSystem did the work ;).
I am using win7 64 with IIS 7.5
This happened to us when the IIS application has a Virtual Directory with a Physical Path that contains forward-slashes / instead of backslashes \. This was accidentally done using a powershell management API for IIS during our continuous delivery process.
applicationHost.config
<application path="/MySite/MyService" applicationPool="MyAppPool" enabledProtocols="http">
<virtualDirectory path="/" physicalPath="C:\inetpub\MySite/MyService" />
</application>
Make sure the physicalPath
attribute does not contain forward-slashes /, only backslashes \
applicationHost.config
<application path="/MySite/MyService" applicationPool="MyAppPool" enabledProtocols="http">
<virtualDirectory path="/" physicalPath="C:\inetpub\MySite\MyService" />
</application>
I tried most of the previous suggestions but in vain. I can't reload the website, so I edited the .csproj file and changed the port number and it worked immediately:
<WebProjectProperties>
<UseIIS>True</UseIIS>
<AutoAssignPort>True</AutoAssignPort>
<DevelopmentServerPort>**4000**</DevelopmentServerPort>
<DevelopmentServerVPath>/</DevelopmentServerVPath>
<IISUrl>http://localhost:**4000**/</IISUrl>
<NTLMAuthentication>False</NTLMAuthentication>
<UseCustomServer>False</UseCustomServer>
<CustomServerUrl>
</CustomServerUrl>
<SaveServerSettingsInUserFile>False</SaveServerSettingsInUserFile>
</WebProjectProperties>
check if the file is not marked as read-only, despite of the IIS_IUSRS permission it will display the same message.
You don't have to change anything in your web.config.
The problem is file system permissions. Your file permissions do not allow the IIS_IUSRS user to access web.config (or probably any of the files). Change their file permissions in windows to allow the IIS_IUSRS account to access it.
Make sure your web.config file is not marked Read-only
Source: Stackoverflow.com