Common Issue: Permission problems when using remote content


We have had a number of customers run into problems when trying to store their ASP.NET Content on a remote machine.  Whether that is just a UNC path from the web server or a DFS share.  So I wanted to talk about the issues and how to resolve them to try to help others that may be wanting to do this.

Here is a list of some of the more common issues that we see:

Another problem you may see is this error:

Server Application unavailable

Event Type:	Error
Event Source:	ASP.NET 2.0.50727.0
Event Category:	None
Event ID:	1088
Date:		4/28/2008
Time:		1:11:07 PM
User:		N/A
Computer:	TEST
Description:
Failed to execute request because the App-Domain 
could not be created. Error: 0x8013150a For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Event Type: Error Event Source: ASP.NET 2.0.50727.0 Event Category: None Event ID: 1334 Date: 4/28/2008 Time: 1:06:45 PM User: N/A Computer: TEST Description: Failed to initialize the AppDomain:/LM/W3SVC/894523/Root Exception: System.Security.SecurityException Message: Request for the permission of type 'System.Web.AspNetHostingPermission,
System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. StackTrace: at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic) at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) at System.Activator.CreateInstance(String assemblyName, String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityInfo, StackCrawlMark& stackMark) at System.Activator.CreateInstance(String assemblyName, String typeName) at System.AppDomain.CreateInstance(String assemblyName, String typeName) at System.AppDomain.CreateInstance(String assemblyName, String typeName) at System.Web.Hosting.ApplicationManager.CreateAppDomainWithHostingEnvironment(String appId, IApplicationHost appHost, HostingEnvironmentParameters hostingParameters) at System.Web.Hosting.ApplicationManager.CreateAppDomainWithHostingEnvironmentAndReportErrors(String appId, IApplicationHost appHost, HostingEnvironmentParameters hostingParameters) For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

This is caused by needing to add the path of the UNC to the MyComputer Zone and making sure it has FullTrust.  You can see more about CAS (Code Access Security) and ASP.NET at How to Use CAS with ASP.NET.

Comments (8)

  1. You’ve been kicked (a good thing) – Trackback from DotNetKicks.com

  2. Franco says:

    Great Post.

    I have ran into a similar issues after I install .Net 3.5 SP1. I received Even ID 1088, Error Code 0x80131501 followed by the Even ID 1334 as described below:

    Failed to initialize the AppDomain:/LM/W3SVC/1130554000/Root

    Exception: System.SystemException

    Message: Failed to create AppDomain.

    StackTrace:    at System.Web.Hosting.ApplicationManager.CreateAppDomainWithHostingEnvironment(String appId, IApplicationHost appHost, HostingEnvironmentParameters hostingParameters)

      at System.Web.Hosting.ApplicationManager.CreateAppDomainWithHostingEnvironmentAndReportErrors(String appId, IApplicationHost appHost, HostingEnvironmentParameters hostingParameters)

    InnerException: System.ArgumentException

    Message: The UNC path should be of the form \servershare.

    StackTrace:    at System.Security.Policy.PolicyLevel.GenericResolve(Evidence evidence, Boolean& allConst)

      at System.Security.Policy.PolicyLevel.Resolve(Evidence evidence, Int32 count, Char[] serializedEvidence)

      at System.Security.PolicyManager.CodeGroupResolve(Evidence evidence, Boolean systemPolicy)

      at System.Security.PolicyManager.ResolveHelper(Evidence evidence)

      at System.Security.HostSecurityManager.ResolvePolicy(Evidence evidence)

      at System.Security.PolicyManager.Resolve(Evidence evidence)

      at System.Security.SecurityManager.ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, PermissionSet& denied, Boolean checkExecutionPermission)

      at System.Security.SecurityManager.ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, PermissionSet& denied, Int32& securitySpecialFlags, Boolean checkExecutionPermission)

      at System.AppDomain.nSetupDomainSecurity(Evidence appDomainEvidence, IntPtr creatorsSecurityDescriptor, Boolean publishAppDomain)

      at System.AppDomain.SetDomainManager(Evidence providedSecurityInfo, Evidence creatorsSecurityInfo, IntPtr parentSecurityDescriptor, Boolean publishAppDomain)

      at System.AppDomain.InternalRemotelySetupRemoteDomainHelper(Object[] args)

      at System.Threading.Thread.CompleteCrossContextCallback(InternalCrossContextDelegate ftnToCall, Object[] args)

      at System.AppDomain.nCreateDomain(String friendlyName, AppDomainSetup setup, Evidence providedSecurityInfo, Evidence creatorsSecurityInfo, IntPtr parentSecurityDescriptor)

      at System.AppDomain.CreateDomain(String friendlyName, Evidence securityInfo, AppDomainSetup info)

      at System.Web.Hosting.ApplicationManager.CreateAppDomainWithHostingEnvironment(String appId, IApplicationHost appHost, HostingEnvironmentParameters hostingParameters)

    Do you have any clue how to fix this? Thank you in advance

  3. Franco,

    Check what user you are running under now.  Maybe installing that set it back to the default and it is running under a local account now that doesn’t have permission.

  4. Franco says:

    Hi Tom,

    After checking the application pool, the identity is still Network Services.

  5. KD says:

    Fixed the AspNetHostingPermission error with caspol (+reboot) using this article: http://blogs.msdn.com/shawnfa/archive/2004/12/30/344554.aspx

    And fixed the following "Failed to start monitoring changes to ‘W:……’ because the network BIOS command limit has been reached. For more information on this error, please refer to Microsoft knowledge base article 810886. Hosting on a UNC share is not supported for the Windows XP Platform" error (on my Vista(!) machine) using this article: http://support.microsoft.com/kb/810886/en-us

    I set MaxCmds to 100 (+ reboot).

    Notes

    The reboots are really neccessary (I rebooted after each step but 1 reboot might also suffice).

    You don’t need to turn File Change Notifications (FCN) off as suggested here: http://channel9.msdn.com/forums/TechOff/65291-Network-BIOS-command-limit/#CommentID=390454

  6. KD says:

    This didn’t work for my co-worker using XP. But it did help to set FCNMode to 2 (less monitoring objects) on his machine.

    Hope this helps some of you.