Common Issue: Permission problems when using remote content
We have had a number of customers run into problems when trying to store their ASP.NET Content on a remote machine. Whether that is just a UNC path from the web server or a DFS share. So I wanted to talk about the issues and how to resolve them to try to help others that may be wanting to do this.
Here is a list of some of the more common issues that we see:
- .NET Framework 3.5 SP1 Allows managed code to be launched from a network share! More info here and here.
- FIX- Cannot Compile Code-Behind Files That Use Src Attribute on a UNC
- For impersonation:
- If the application resides on a UNC share, ASP.NET always impersonates the IIS UNC token to access that share unless a configured account is used. If you provide an explicitly configured account, ASP.NET uses that account in preference to the IIS UNC token.
- That is from: ASP.NET Impersonation
- If the application resides on a UNC share, ASP.NET always impersonates the IIS UNC token to access that share unless a configured account is used. If you provide an explicitly configured account, ASP.NET uses that account in preference to the IIS UNC token.
- FIX: ASP.NET 2.0-connected applications on a Web site may appear to stop responding
- You may receive one or more error messages when you try to access an ASP.NET application that is hosted by using pass-through authentication in a UNC virtual directory in Internet Information Services 6.0
- If the worker process is running under NETWORK_SERVICE, it won’t be able to authenticate on a remote server such as a NAS. So need to run as a domain account who can access such shares. This also applies to a DFS share.
- Double Hop and ASP.NET - a workaround. - Miscellaneous Debris / nunos's Blog - Concerning the credentials double hop issue
- Hosting IIS with UNC content - Network BIOS commands and other errors
Another problem you may see is this error:
Server Application unavailable
Event Type: Error
Event Source: ASP.NET 2.0.50727.0
Event Category: None
Event ID: 1088
Date: 4/28/2008
Time: 1:11:07 PM
User: N/A
Computer: TEST
Description:
Failed to execute request because the App-Domain
could not be created. Error: 0x8013150a
For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ASP.NET 2.0.50727.0
Event Category: None
Event ID: 1334
Date: 4/28/2008
Time: 1:06:45 PM
User: N/A
Computer: TEST
Description:
Failed to initialize the AppDomain:/LM/W3SVC/894523/Root
Exception: System.Security.SecurityException
Message: Request for the permission of type 'System.Web.AspNetHostingPermission,
System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
StackTrace: at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
at System.Activator.CreateInstance(Type type, Boolean nonPublic)
at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
at System.Activator.CreateInstance(String assemblyName, String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityInfo, StackCrawlMark& stackMark)
at System.Activator.CreateInstance(String assemblyName, String typeName)
at System.AppDomain.CreateInstance(String assemblyName, String typeName)
at System.AppDomain.CreateInstance(String assemblyName, String typeName)
at System.Web.Hosting.ApplicationManager.CreateAppDomainWithHostingEnvironment(String appId, IApplicationHost appHost, HostingEnvironmentParameters hostingParameters)
at System.Web.Hosting.ApplicationManager.CreateAppDomainWithHostingEnvironmentAndReportErrors(String appId, IApplicationHost appHost, HostingEnvironmentParameters hostingParameters)
For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.
This is caused by needing to add the path of the UNC to the MyComputer Zone and making sure it has FullTrust. You can see more about CAS (Code Access Security) and ASP.NET at How to Use CAS with ASP.NET.