By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,354 Members | 1,042 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,354 IT Pros & Developers. It's quick & easy.

Xcopy Deployment - Access Denied Error

P: n/a
Hi

I have been asked to migrate a long-standing and stable asp.net application
from a W2k server on one NT domain on our intranet to another W2k server on
another NT domain also on our intranet. The application was written in
C#.NET using Visual Studio 2002 and v1.0 of the .NET Framework.

As we don't use Frontpage extensions on the servers (both run IIS5) I have
used Xcopy to copy the files from the original server across the WAN to the
new server. I have configured a virtual directory in IIS for the
application. The anonymous account is disabled and the application uses NTLM
(Windows) authentication throughout (including to access the SQL Server 2000
database).

When I try and access the application on the new server I get "Access is
Denied" - so I guess a permissions issue :)

The web.config file is set for impersonation=true and nothing else is
different in the application except for the database connection strings
which are pointed at the new server (the web app and SQL Server are on the
physical box).

Any thoughts or is this a bug in the impersonation function?

thanks

Bob
Nov 18 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
I'm wondering if the old box' s machine.config was using

<processModel userName="machine" password="AutoGenerate" />

whereas the new one still has

<processModel userName="SYSTEM" password="AutoGenerate" />

http://support.microsoft.com/default...product=aspnet
"Boxman" <bob@> wrote in message
news:uo**************@TK2MSFTNGP11.phx.gbl...
Hi

I have been asked to migrate a long-standing and stable asp.net
application
from a W2k server on one NT domain on our intranet to another W2k server
on
another NT domain also on our intranet. The application was written in
C#.NET using Visual Studio 2002 and v1.0 of the .NET Framework.

As we don't use Frontpage extensions on the servers (both run IIS5) I have
used Xcopy to copy the files from the original server across the WAN to
the
new server. I have configured a virtual directory in IIS for the
application. The anonymous account is disabled and the application uses
NTLM
(Windows) authentication throughout (including to access the SQL Server
2000
database).

When I try and access the application on the new server I get "Access is
Denied" - so I guess a permissions issue :)

The web.config file is set for impersonation=true and nothing else is
different in the application except for the database connection strings
which are pointed at the new server (the web app and SQL Server are on the
physical box).

Any thoughts or is this a bug in the impersonation function?

thanks

Bob


Nov 18 '05 #2

P: n/a
I'm using Windows NTLM Authentication so I don't think it's the password is
the issue.

The actual error is:

[ApplicationException: Access is denied.
]
System.Security.Principal.WindowsIdentity._Resolve Identity(IntPtr
userToken) +0
System.Security.Principal.WindowsIdentity.get_Name () +71
System.Web.Configuration.AuthorizationConfigRule.I sUserAllowed(IPrincipal
user, String verb) +100
System.Web.Configuration.AuthorizationConfig.IsUse rAllowed(IPrincipal
user, String verb) +81
System.Web.Security.UrlAuthorizationModule.OnEnter (Object source,
EventArgs eventArgs) +156
System.Web.SyncEventExecutionStep.Execute() +60
System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean&
completedSynchronously) +87

Any thoughts?

Bob
Nov 18 '05 #3

P: n/a
Ken

Thanks for your thoughts.

I've been working on this all day now and have discovered that the migrated
applications work fine on the new (deployment) server IF I use the following
in web.config:

<identity impersonate="true" userName="mylogondomain\myusername"
password="mypassword" />

Of course I need all users to be able to access the application (and SQL
backend) using their own NT account credentials - per the original server.

I would like to narrow down the work that I need to do to isolate this
problem but as far as I can see the only difference between the original
application architecture and the new deployment is:

- The new server is on a different (trusted) NT domain
- The original deployment was at c:\inetpub\wwwroot\myapplication
- The new deployment is at F:\Sites\myapplication

This is very frustrating but I keep telling myself it is good experience!

I guess the issue is with the ASPNET local account permissions either
somewhere within the .NET Framework (v1.0 SP2) or the application folder but
I have checked again and all permissions for .NET seem to be correct
(default) and the application folder also has sufficient permissions for the
ASPNET account.

Just to remind you my original web.config entry is <identity
impersonate="true" /> and nothing else.

Any help much appreciated!

thanks

Bob
Nov 18 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.