Fixing 'You do not have permissions to debug the server' errors

First, some background. The way we start ASP.NET debugging is to send a special request to ASP.NET over HTTP/HTTPS. The verb for this request is 'DEBUG'. If everything goes as planned, this allows VS to know what process to attach to.

Displaying error messages for this is really hard. We aren’t a web browser, so we can't show you the HTML that the server might send back. We use WinInet, which is great for IE, but it has proved to be a huge pain for us. In Whidbey, we switched to the System.NET APIs instead.

Anyway, so the debugger will return 'You do not have permissions to debug the server' if we get an HTTP status code of 401 (Unauthorized).

The first problem with this error is that HTTP 401 has nothing to do with permissions, so the text is never right. What we should have said was -- NTLM authentication isn't working. Check IIS and IE settings, because it is probably disabled.

Some of the possible causes:

  1. If you mess with the 'zone' settings in IE, you can put the web site in the wrong zone. I have seen this happen when someone put the target site in the 'Restricted sites' zone.
  2. In Server 2003, there is the new 'Internet Explorer Enhanced Security Configuration', which sometimes causes NTLM to not work, even after the site has been added to the 'trusted sites' group. Try uninstalling this.
  3. You can disable NTLM in IIS. Open up IIS manager, go to 'Directory Security', and click 'Edit' under 'Authentication and Access Control'. Make sure that 'Integrated Windows Authentication' is enabled.
  4. NTLM could just not be working between the machines. Make sure that you can open up a file share. You might also want to check the event log on the server.

Hope this helps.