Debugging an ASP.NET application as a non-admin

The debugger team has gotten many requests to debug ASP.NET applications as a non-admin. In Whidbey, the ASP.NET team did a good job solving this problem. Their solution is much nicer then mine. In the mean time, here is a way that you can get this scenario to work in the 7.1 IDE. I hope this helps. If it doesn't work for you, you can post a comment, but don't call PSS. This isn't supported.

The basic idea is to use the little web server from Web Matrix instead of IIS. The reason that non-admins can't debug IIS is that it runs as a different user. Debugging other user's processes is a privileged operation. Hence the restriction. Web Matrix solves this problem by running the web server as the local user. There are a few downsides to this -- bugs that are affected by the identity of the worker process will go away, and Web Matrix doesn't support everything that full IIS does. However, for simple web applications, this should be a good solution.

Note: This setup still uses a web project. This gives you the ability to easily test the application under IIS, and also gives you intelisense. If you don't want to run the application under IIS at all, then you could do this with far less effort, and improved security.

Anyway, here are the instructions to allow JoeUser (a non-administrator) to debug his ASP.NET application. First an administrator must setup the computer:

  1. Install IIS
  2. Install Visual Studio.NET 2003
  3. Install Web Matrix from https://www.asp.net/webmatrix/
  4. Create a new web application in Visual Studio. You do this as an administrator so that you don't need to give the normal user the right to configure the metadata in IIS. I called my application 'WebApplication1'.
  5. Configure directory security.
    CAUTION: By doing this, you are allowing JoeUser to compromise the security of IIS. If this is a problem, I would recommend not using a web project, but instead just use VS as an editor/debugger.
    • Open up explorer
    • Browse to C:\Inetpub\wwwroot
    • Right click on 'WebApplication1' (or whatever you called the web application), and open properties
    • Switch to the 'Security' tab and give full control to JoeUser (the non-administrator that you want to be allowed to debug)
    • Repeat the steps for the 'C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files' folder
  6. Open the administrator tool to manage your computer. Go to 'Local Users and Groups->Users' 
  7. Right click on JoeUser, switch to the 'Member Of' tab, and add 'Debugger Users'. 'Debugger Users' isn't a privelged group, so this isn't scary.

Debug as JoeUser:

  1. Start VS
  2. Open C:\Inetpub\wwwroot\WebApplication1\WebApplication1.csproj (or whatever the project created by the administrator was)
  3. Right click on the project, and open properties
  4. Go to Configuration Properties->Debugging
  5. Change 'Debug Mode' to 'Program'
  6. Set the application to the Web Matrix web server -- C:\Program Files\Microsoft ASP.NET Web Matrix\v0.6.812\WebServer.exe (note: I needed to close and reopen the properties Window after changing the debug mode)
  7. Set the 'Command Line Arguments' to '/port:8080 /path:c:\Inetpub\wwwroot\WebApplication1'
  8. Close properties Window
  9. Set any breakpoints that you want
  10. Hit F5
  11. Open IE
  12. Browse to https://localhost:8080/WebForm1.aspx

Result:
Your breakpoint hit!