Close

IIS 7 – Who is running the show

iis7_thumb.png

When you run ASP.NET site in Visual Studio things generally tend to work. It usually when you try to deploy it to live server when you get into trouble. This is why I wasn’t surprised when after setting up little continuous integration server my application that ran perfectly well in VS broke apart on local IIS 7. I went to IIS console and double-checked application settings and write permissions. Along with Network Service I gave access to ASPNET account, because IIS keeps changing identity and I felt lazy to figure out what account it uses in this particular case.

yellow_thumb.png

Did not work. Still was getting annoying “access denied” errors. It puzzled me a little bit and I started to dig deeper. Turned out in IIS 7.x account that ASP.NET uses called… ApplicationPoolIdentity!

advsettings_thumb.png

Ok, that’s new. To make sure I’m not delusional I put together a page that outputs ASP.NET process name and checked if this identity has write permission to folders that my application needed to function properly. Sure enough, it confirmed my suspensions – App_Data directory I needed for write access was not accessible for ApplicationPoolIdentity. For App_Code IIS did assigned write permissions to this stranger.

apppool_thumb.png

The fix is obvious once you know who runs the show under IIS’s mask. I could’ve give this new account all needed rights, but instead just changed identity for classic application pool to network service.

networksettings_thumb.png

Ran checker page again and this time got familiar account name and all the green bars. Sweet!

success_thumb.png

End of story, but it got me thinking about some kind of install/setup troubleshooter for ASP.NET application. Basically, it can be a form where you specify some common conditions, then it runs and checks those conditions and outputs result on the screen. It could be really helpful for beginners in identifying problems that otherwise can be frustrating fore novice would-be ASP.NET converts. I ran into questions on setup and install issues in BlogEngine’s forum all the time. If not generic, it can be easily extended to troubleshoot most common issues with installing BlogEngine on different server configurations regardless of whether you are using an enterprise level MPLS VPN or simple web IP web host.

If you having issues with weird behavior on you BE live server, download and  unzip “check” folder to your local machine and then move it to that server. Go to your site and navigate to “check” folder, it will show you file access permissions relevant to your BE installation. For another ASP.NET application you would have to modify code to check your writable directory(s), but it is very easy, you only need to replace directories in Page_Load with those your app uses.

protected void Page_Load(object sender, EventArgs e)
{
    Msg(string.Format("ASP.NET account Identity is: {0}", 
        WindowsIdentity.GetCurrent().Name), true);

    Process("app_data");

    Process("app_data/datastore");

    Process("app_code/extensions");
}

check.zip

Tags asp.net

rtur

Popular

About RTUR.NET

This site is all about developing web applications with focus on designing and building open source blogging solutions. Technologies include ASP.NET Core, C#, Angular, JavaScript and more.

Tags

ajax analytics angular asp.net asp.net mvc azure blazor blogengine blogging blogifier cloud code snippets coding commentor css design digitalocean extension manager extensions gallery general google javascript linux mp3player open source release reviews security spam protection themes tutorial tutorials widgets wlw