IIS 7 – Who is running the show
When you run ASP.NET site in Visual Studio things generally tend to work. It usually when you try to deploy it to live server when you get into trouble. This is why I wasn’t surprised when after setting up little continuous integration server my application that ran perfectly well in VS broke apart on local IIS 7. I went to IIS console and double-checked application settings and write permissions. Along with Network Service I gave access to ASPNET account, because IIS keeps changing identity and I felt lazy to figure out what account it uses in this particular case.
Did not work. Still was getting annoying “access denied” errors. It puzzled me a little bit and I started to dig deeper. Turned out in IIS 7.x account that ASP.NET uses called… ApplicationPoolIdentity!
Ok, that’s new. To make sure I’m not delusional I put together a page that outputs ASP.NET process name and checked if this identity has write permission to folders that my application needed to function properly. Sure enough, it confirmed my suspensions – App_Data directory I needed for write access was not accessible for ApplicationPoolIdentity. For App_Code IIS did assigned write permissions to this stranger.
The fix is obvious once you know who runs the show under IIS’s mask. I could’ve give this new account all needed rights, but instead just changed identity for classic application pool to network service.
Ran checker page again and this time got familiar account name and all the green bars. Sweet!
End of story, but it got me thinking about some kind of install/setup troubleshooter for ASP.NET application. Basically, it can be a form where you specify some common conditions, then it runs and checks those conditions and outputs result on the screen. It could be really helpful for beginners in identifying problems that otherwise can be frustrating fore novice would-be ASP.NET converts. I ran into questions on setup and install issues in BlogEngine’s forum all the time. If not generic, it can be easily extended to troubleshoot most common issues with installing BlogEngine on different server configurations regardless of whether you are using an enterprise level MPLS VPN or simple web IP web host.
If you having issues with weird behavior on you BE live server, download and unzip “check” folder to your local machine and then move it to that server. Go to your site and navigate to “check” folder, it will show you file access permissions relevant to your BE installation. For another ASP.NET application you would have to modify code to check your writable directory(s), but it is very easy, you only need to replace directories in Page_Load with those your app uses.
protected void Page_Load(object sender, EventArgs e)
{
Msg(string.Format("ASP.NET account Identity is: {0}",
WindowsIdentity.GetCurrent().Name), true);
Process("app_data");
Process("app_data/datastore");
Process("app_code/extensions");
}