Cannot read configuration file due to insufficient permissions

Question

I ve recently encountered an error trying to host my asp net site with IIS   I have found a solution that many swear by   Solution   Add IIS IUSRS with Read permission on files in the folder Change IIS authentication method to BasicAuthentication refresh the website  It will work    http   vivekthangaswamy blogspot com 2009 07 aspnet-website-cannot-read html  What do I add to my web config file though   I ve never had to edit it before   Here is its current contents   lt  xml version  quot 1 0 quot   gt   lt  --   For more information on how to configure your ASP NET application  please visit   http   go microsoft com fwlink  LinkId 169433   -- gt   lt configuration gt       lt connectionStrings gt     lt add name  quot DefaultConnection quot  connectionString  quot Data Source   SQLEXPRESS AttachDbFilename  DataDirectory  Database mdf Integrated Security True User Instance True quot     providerName  quot System Data SqlClient quot    gt    lt  connectionStrings gt    lt system web gt     lt compilation debug  quot true quot  strict  quot false quot  explicit  quot true quot  targetFramework  quot 4 0 quot   gt       lt  system web gt   lt  configuration gt   My error is   Config Error  Cannot read configuration file due to insufficient permissions Config File      C  Users      Documents Visual Studio2010 WebSites PointsForTime web config

User · Answer

Make the file accessible to the IIS IUSRS group  Right click your web config  expand properties  and under security tab  add IIS IUSRS  Give the group read write access    When the group is NOT available  replace IIS IUSRS by ComputerName IIS IUSRS

User · Answer

This can happen if your application is in a virtual directory and the path to the files is a mapped drive    If you change the path to the files to a local drive  this will solve it  if that indeed is your problem

User · Answer

In my case  I was trying to host pages from a mapped drive  subst    The issue is that the subst was run under my account and the IIS user is not able to see the same drive

User · Answer

There is no problem with your web config  Your web site runs under a process  In iis you can define the identity of that process  The identity that your web site s application pool runs as  Network Services  Local System  etc    should have permission to access and read web config file   Update   This updated answer is same as above  but a little longer and simpler and improved   First of all  you don t have to change anything in your config file  It s OK  The problem is with windows file permissions   This problems occurs because your application can not access and read web config file   Make the file accessible to IIS IUSRS group  Just right click web config and click properties  under security tab  add IIS IUSRS   So what is this IIS IUSRS thing   Your web site is like an exe file  Just like any exe file  it should be started by a user and it runs according to permissions assigned to that user   When your site is started in IIS  Application Pool of your web site is associated with a user  Network Services  Local System  Etc        and can be changed in IIS   So when you say IIS IUSRS  it means any user  Network Services  Local System  Etc       that your site is running as   And as  Seph mentioned in comment below  If your computer is on a domain  remember that IIS IUSRS group is a local group   Also make sure that when you re trying to find this user check the location it should be set to local computer and not a corporate domain

User · Answer

I had what appeared to be the same permissions issue on the web config file  However  my problem was caused by IIS failing to load the config file because it contained URL rewrite rules and I hadn t installed the IIS URL rewrite module on the new server   Solution  Install the rewrite module  Hope that saves somebody a few hours

User · Answer

Had this issue with a Virtual Application  All the permissions were set   IIS IUSRS  AppPoolIdentity and then gave full access to Everyone  Nothing worked  Restarted apppool  site and IIS but No go   Deleted the virtual application and added it again from scratch and it started working   Wish I knew what solved it

User · Answer

Changing the Process Model Identity to LocalSystem fixed this issue for me   You can find this setting if you right click on the application pool and chose  Advanced Settings    I m running IIS 7 5

User · Answer

Certainly  this is an issue with permissions  I took following steps and it worked for me    select your website or application in left corner  In most cases it would be under Default web site  click on Basic settings on right corner in IIS Manager 7 or above  click connect as button  Use  Specific User   Click on set button  Enter your username and password  like Domain username  for me it was like ABC rrajkumar  enter password  restart IIS  browse your website  It should work now

User · Answer

Sometimes if it is a new server you need to configure or install ASP NET feature on IIS for it to be able to read your web config file    In my case this was the reason

User · Answer

I was receiving the  Cannot read configuration file due to insufficient permissions  as well  Turns out the ISAPI and CGI Restrictions in IIS for both ASP NET 4 0 32bit and 64bit was set to deny  Marking them both to Allowed fixed my problem

User · Answer

Shift your project to some drive other than C  Worked for me with the same error

User · Answer

I tried most of the previous suggestions but in vain  I can t reload the website  so I edited the  csproj file and changed the port number and it worked immediately     lt WebProjectProperties gt         lt UseIIS gt True lt  UseIIS gt         lt AutoAssignPort gt True lt  AutoAssignPort gt         lt DevelopmentServerPort gt   4000   lt  DevelopmentServerPort gt         lt DevelopmentServerVPath gt   lt  DevelopmentServerVPath gt         lt IISUrl gt http   localhost   4000    lt  IISUrl gt         lt NTLMAuthentication gt False lt  NTLMAuthentication gt         lt UseCustomServer gt False lt  UseCustomServer gt         lt CustomServerUrl gt         lt  CustomServerUrl gt         lt SaveServerSettingsInUserFile gt False lt  SaveServerSettingsInUserFile gt       lt  WebProjectProperties gt    Editing  csproj file

User · Answer

All answers given are valid and working under different circumstances   For me  restarting Visual Studio worked

User · Answer

I had the same problem when I tried to share the site root folder with another user  Some folder lost the permission  So I followed the steps to add permission to IIS IUSRS group as suggested by Afshin Gh  The problem is this group was not available for me  I am using windows 7   What I did I just  changed some steps    Right click on the parent folder  who lost the permission   Properties    Security   In  Group or user names    Click Edit    Window  Permission for your folder  will be opened  In  Group or user names   press ADD    btn  Type Authen and press Check Names  You will see the complete group name  Authenticated Users  Press ok    apply  This should enable privileges again    That worked for me

User · Answer

I needed to add permissions to IUSR  in addition to ISS-IUSRS  as others have suggested    See also  http   codeasp net blogs raghav khunger microsoft-net 2099 iis-7-5-windows-7-http-error-401-3-unauthorized

User · Answer

Make sure your web config file is not marked Read-only

User · Answer

I gave permission and used ICACLS exe but didn t work  Then I changed the physical path and it worked successfully    IIS 8 5 windows 2012 R2

User · Answer

I had this issue running on Windows 10 with the App Pool using a microsoftaccount email contosa com account  e g   signing in to the PC with a Microsoft Account instead of local account    Apparently on my computer something got corrupted  removing IIS and re-adding it did nothing  because it seems the IIS metabase was not removed    Deleting and recreating the app pool didn t help either    My solution was just to create a new App Pool with the same settings but a different name   This fixed the issue for me  apparently something got corrupted with the apppool which even deleting it and re-adding it with the same name would not fix

User · Answer

I had the same issue and after doing all the stuff written here as answers  it still reproduced  The second half of the issue was the fact that  NET was turned off under  Turn Windows features on or off

User · Answer

I have solved this by adding read permission to folder for application pool user  WIN SERVER 2008 R2   C  Windows System32 inetsrv config  A little background  Our server has been hacked using classical error where app user had more permissions that it should  local admin    To fix it we created new domain user that had only permissions on application folder  with min needed rights and assigned it as application pool user  than we hit in the issue and this was solution to our problems

User · Answer

This happened to us when the IIS application has a Virtual Directory with a Physical Path that contains forward-slashes   instead of backslashes    This was accidentally done using a powershell management API for IIS during our continuous delivery process    Bad Config Example - applicationHost config   lt application path   MySite MyService  applicationPool  MyAppPool  enabledProtocols  http  gt       lt virtualDirectory path     physicalPath  C  inetpub MySite MyService    gt   lt  application gt    Make sure the physicalPath attribute does not contain forward-slashes    only backslashes    Corrected Config Example - applicationHost config   lt application path   MySite MyService  applicationPool  MyAppPool  enabledProtocols  http  gt       lt virtualDirectory path     physicalPath  C  inetpub MySite MyService    gt   lt  application gt

User · Answer

I set the  NET CLR version to No Managed Code and everything started to work fine

User · Answer

I was running a website at localhost MyApp built and run through Visual Studio - via a Virtual Directory created by Visual Studio itself   The  solution  for me was to delete the Virtual Directory and let Visual Studio recreate it

User · Answer

check if the file is not marked as read-only  despite of the IIS IUSRS permission it will display the same message

User · Answer

Editor s note  Doing what this answer says is DANGEROUS  The LocalSystem account is a               Completely trusted account  more so than the administrator account  There is nothing on a single box that this account cannot do  and it has the right to access the network as the machine  this requires Active Directory and granting the machine account permissions to something         Changing the Identity from ApplicationPoolIdentity to LocalSystem did the work      I am using win7 64 with IIS 7 5  more about  Application Pool Identity in IIS 7 5 and win 7

User · Answer

For some reason your web config is set as read only  Uncheck the readonly option of web config file

User · Answer

Instead of giving access to all IIS users like IIS IUSRS you can also give access only to the Application Pool Identity using the site  This is the recommended approach by Microsoft and more information can be found here  https   support microsoft com en-za help 4466942 understanding-identities-in-iis https   docs microsoft com en-us iis manage configuring-security application-pool-identities Fix   Start by looking at Config File parameter above to determine the location that needs access  The entire publish folder in this case needs access  Right click on the folder and select properties and then the Security tab   Click on Edit    and then Add     Now look at Internet Information Services  IIS  Manager and Application Pools   In my case my site runs under LocalTest Application Pool and then I enter the name IIS AppPool LocalTest  Press Check Names and the user should be found   Give the user the needed access  Default  Read  amp  Execute  List folder contents and Read  and everything should work

User · Answer

If you are the one like me who cannot find IIS USR to give access to the config file  just give permissions to    Everyone    at the root folder

User · Answer

Right click Web Config    Tab Security    Button Edit    Button Add    Button Advanced    Button Find Now     In Search results select your group in our case   IIS IUSRS      Ok    Ok   Ok

User · Answer

I had this error message that turned out to be due to my physical folder being located on a network drive as opposed to the local drive  It seems the permissions on such drives by default can be different  For example  while the local drive location gave permission to the users of the local computer  the network location did not   Further  the accepted answer does not work for such a case  The local users or IIS users were not an available to assign permissions to  The solution was to move the physical folder to the local drive

User · Answer

Go to IIS   sites  Right click on project inside the sites enter image description here  and click on edit permission   Go to security   click on edit button   click add button   type COMPUTER NAME IIS USERS or  click advance   click find now button  and there is option to choose  choose IIS USERS and click ok   ok    ok

User · Answer

I used subst to create a mapping from D  to C  in order to keep the same setup as other developers in the team   This also gave me same errors as described   Removing this fixed it for me

User · Answer

The accepted solution didn t for me   I use a Git repo and it cloned to the following folder  c  users myusername source repos myWebSite   I made new IIS website and pointed it at the path   Which didn t have the  iis iusrs permissions suggested in the accepted solution   When I added the permissions it still didn t work   It only started working when I gave the following permissions to the  Users  group and inheritance cascaded the permissions to web config   Probably should have applied it just to the web config to reduce attack surface area

User · Answer

Go to the parent folder  right-click and select Properties  Select the Security tab  edit the permissions and Add  Click on Advanced and the Find Now  Select IIS IUSRS and click OK and OK again  Make sure you have check Write  Click OK and OK again   Job done

User · Answer

For me the error turned up during Debugging on my local machine and turned out to be related to the base web config  which is initiated by the  NET Framework when compiling the website  My C  Windows Microsoft NET Framework64 v4 0 30319 Config web config file had an unrecognized element  folderLevelBuildProviders   Fixing this fixed the 500 19 error   See this  IIS Manager can  39 t configure  NET Compilation on  NET 4 Applications

User · Answer

We had a website running with a specific identity in the apppool  only after giving that user read access to the folder containing the web config would it work  We tracked this down after adding the  everyone  user with read and everything worked fine

User · Answer

When you grant permissions to IIS IUSRS you should check that in the IIS Authentication section of your Web Application  the Anonymous Authentication Credentials uses Application Pool Identity and not IUSR

User · Answer

I had this same issue and none of these solutions worked for me  I kept getting the same error and one about  Failed to start monitoring changes  in the event viewer    The only thing that worked was to copy the folder and rename it back  It must have been a corrupted folder in Windows that IIS ASP NET could not access

User · Answer

The above answers were helpful  but in case this helps anyone - I had this exact problem  and it turned out that I was  windows networking  sharing the root folder that the site was being hosted from  We killed the share  and added the Users permission to read execute and it worked again just fine   I suspect the share messed it up

User · Answer

You don t have to change anything in your web config   The problem is file system permissions   Your file permissions do not allow the IIS IUSRS user to access web config  or probably any of the files    Change their file permissions in windows to allow the IIS IUSRS account to access it

[asp.net] Cannot read configuration file due to insufficient permissions

Examples related to asp.net

Examples related to iis-7

Examples related to file-permissions