Re: VS.NET 2005 and the "allowDefinition='MachineToApplication'" e

Yep. This is what I said in my first response, "This exception almost always
occurs when a web project is not configured as an IIS application."

If you have a web.config in a lower folder that ISN'T an IIS application,
that's the message you will get.
Peter


--
Co-founder, Eggheadcafe.com developer portal:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com




"deathtospam@xxxxxxxxx" wrote:

Your description of impersonation is great. I've seen the term slung
around in many threads, but I always thought it had to do with
traditional ACL / security settings -- I didn't realize it was an
ASP.NET config file setting until just now. So thank you for that.

I just posted ( http://tinyurl.com/yh3als ) a reply to my original,
top-level cry for help. Long story short: I think the problem was that
I had another folder with ASPX code (and a Web.config file) nested
within the folder I was trying to compile. I'm guessing -- and please
correct me if I'm wrong -- that you can only have a Web.config file in
the root directory of the folder you're trying to compile, or the root
directory of folders that are set up as virtual directories (and
therefore have values for Application Name and Starting Point in IIS).

Does any of that make sense? I'm working backwards, trying to figure
out how things work based on when I encounter errors. You, OTOH, know
more about why things work they way they do, and I'm hoping you can
confirm or refute my ideas based on your experience.


-= Tek Boy =-


Juan T. Llibre wrote:
re:
I don't believe I changed the ASP.NET default identity, but just in
case, is there a way to reset it -- or is that what your script did?

The script only assigned access permissions to MachineName\ASPNET
It doesn't change the default identity.

The only way to "reset" the impersonated account is to
manually change the impersonation web.config entry:

<identity impersonate="true" username="SomeAccount" password="P@ssw0rd" />

If you want to use the default configured account, eliminate that entry, or configure it as :

<identity impersonate = "false" />

Did you check to see that the directories listed at :
http://msdn2.microsoft.com/en-us/library/kwzs111e.aspx
allow access to the machinename\ASPNET account ?

The easiest way to assign correct permissions to all required directories is to run :

aspnet_regiis -ga MachineName\ASPNET

from a command-line in the .Net Framework directory
( assuming that MachineName\ASPNET is the configured ASP.NET identity )

You may as well verify the account which ASP.NET is running as.
To do that, save the following code as "identity.aspx" and run it.

identity.aspx:
-------------------
<%@ Page Language="VB" %>
<%@ Import NameSpace = System.Security.Principal %>
<script runat="server">
Sub Page_Load()
Dim tmp As String = WindowsIdentity.GetCurrent.Name()
Label1.Text = "ASP.NET is running as the account : " & tmp
End Sub
</script>
<html>
<head>
<title>What account is ASP.NET running as ?</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Label ID="Label1" Runat="server" Text="Label"></asp:Label>
</div>
</form>
</body>
</html>
------------

Running that script will return the configured ASP.NET account.

The above suggestions ONLY work if you're using the .Net Framework 2.0.
Make sure your virtual directory is configured to use it ( in the MMC's ASP.NET tab ).




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
<deathtospam@xxxxxxxxx> wrote in message
news:1163173703.956961.195470@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Juan --

I ran the script you suggested, replacing the [MachineName] placeholder
text with my own computer's name. A whole list of stuff was displayed
(the names of the files that had permissions recursively applied to
them?), so I assume it worked, but is there a way to confirm or view
who has permission to access to GAC? When I view the
[\windows\assembly]'s properties (right-click folder > Properties), a
Security tab isn't present, so I'm guessing it's a special folder...

Anyway, I re-started IIS and tried to access my ASPX page again -- same
problem. Btw, while re-checking the Application log I noticed a
warning before the GAC errors occurred:

==========================================
Exception: System.IO.FileLoadException
Message: Could not load file or assembly 'System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its
dependencies. Access is denied.
==========================================

I'm not sure if that helps, or merely confirms that the problem is
related to GAC permissions, but I thought I'd post it just in case. I
don't believe I changed the ASP.NET default identity, but just in
case, is there a way to reset it -- or is that what your script did?
I'm more than happy to reset any necessary settings... this is my dev
machine, after all.


-= Tek Boy =-


Juan T. Llibre wrote:
re:
Failed to execute the request because the ASP.NET process identity does
not have read permissions to the global assembly cache. Error:
0x80070005 Access is denied.
I've heard of the GAC, but I don't know enough about it to fix my
problem, or even know where to start.

The GAC is located in the directory : \windows\assembly.
Your ASP.NET identity doesn't have permission to read/execute the files in the GAC

Did you change the ASP.NET identity from the default MachineName\ASPNET ?
( for Windows XP installations... )

If you haven't changed the default identity ( by impersonating a different account... ),
you'll need to assign sufficient permissions to MachineName\ASPNET for that directory.

Warning :
You cannot use Windows Explorer to directly edit ACLs for this folder.

Instead, run the following command using your machine's name in place of MachineName:

cacls %windir%\assembly /e /t /p MachineName\ASPNET:R

That will assign, to your ASP.NET identity (MachineName\ASPNET),
the permissions needed to access the assemblies in the GAC.

If you are impersonating a different account, either change the impersonated account
to MachineName\ASPNET, or assign the permissions to the account you're using.

If you did change the impersonated account, you might also have to assign permission
to access, to that account, the directories listed in this MSDN article :

http://msdn2.microsoft.com/en-us/library/kwzs111e.aspx




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
<deathtospam@xxxxxxxxx> wrote in message
news:1163170406.571950.121790@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I didn't have to touch IIS when I first wrote and ran the scripts the
first time around, but I'll give this a shot, anyway.

How do I configure a web project as an IIS application? I'm running
Windows XP Professional, so I can only have one IIS "web site". I
tried setting up a virtual directory beneath the default web site that
pointed to the folder where my code lives, and made sure the "Virtual
Directory > Application Settings > Application name" field in IIS had a
value (it does). When I tried to access the application
(http://localhost:99/tinkering/FirstPage.aspx), I get the following
error:

==========================================
Server Application Unavailable

The web application you are attempting to access on this web server is
currently unavailable. Please hit the "Refresh" button in your web
browser to retry your request.

Administrator Note: An error message detailing the cause of this
specific request failure can be found in the application event log of
the web server. Please review this log entry to discover what caused
this error to occur.
==========================================


So I went ahead and opened up the "Event Viewer > Application" window,
where I saw the following detailed error message:

==========================================
Failed to execute the request because the ASP.NET process identity does
not have read permissions to the global assembly cache. Error:
0x80070005 Access is denied.
==========================================


I've heard of the GAC, but I don't know enough about it to fix my
problem, or even know where to start.


-= Tek Boy =-


Peter wrote:
This exception almost always occurs when a web project is not configured as
an IIS application.
Peter

--
Co-founder, Eggheadcafe.com developer portal:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com




"deathtospam@xxxxxxxxx" wrote:

A day or two ago, I wrote a quick ASPX page with a CS codebehind using
Visual Studio .NET 2005 -- it worked, I saved it and closed the
project. Today, I came back to the project, reopened the solution, and
was greeted with the following error:

========================================================================
It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level. This
error can be caused by a virtual directory not being configured as an
application in IIS.
========================================================================

I did some searching on Google, and all of the solutions to this
problem involved tweaking IIS. The thing is, I didn't have to touch
IIS when I wrote, compiled and ran the ASPX the first time around --
why would I have to do it during a subsequent visit?

If anybody has any suggestions on how to resolve this problem, I would
greatly like to hear them. Thanks in advance!


-= Tek Boy =-





.