Can anyone help me set up an ASP.NET webserver with Windows 2003 Server?

[jdub12]

I have some applications that I know work with my ASP.NET webhost, but since I cancelled my accounts, I want to run the applications from my home pc with a broadband account.

I have the application server portion of windows 2003 server configured. I installed IIS 6.0 and all ASP.NET functionality. I also used the built in web login tool to specify my directories and defaults for the application that I want to run.

The problem Im having is, when I go to load the page, I get runtime error, but I know the app works. Just in case, I also tried loading a simple .aspx page with a button on it and I get the same error. Im wondering if there is anything specific that I need to do to get this to work? I added the parameters to the web.config to allow me to view the errors, but I still cannot when they arise.

If you have any expertise in configuring an ASP.NET server, I would appreciate your help! Thank you.

 

[jdub12]

UPDATE:

I can get it to show errors locally, and it is denying access to the folder saying: "Failed to start monitoring file changes."

Anyone have an idea how to solve this?

 

[[MS]]

While I've never seen that error, I can imagine it's from the ASP.NET worker process being denied access to certain files.


Did a search and came up with this:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;317955
It has steps to re-enable the needed permissions.

 

[jdub12]

You are the MAN!!

Thanks for doing all that searching for me...it never dawned on me to use the knowledgebase although I use it for every other MS related question.

All I had to do was add the Network Service permission to the virtual directory and it worked. Not exactly sure what that is, and I hope it doesnt leave my system in a compromising situation but it works now like a charm. Any idea what that Network Service permission does and the effect it may have on my system to exploits? I cant understand why if its needed to serve ASP.NET, why MS wouldnt enable it right from the get go?!?

 

[[MS]]

> Any idea what that Network Service permission does and the effect it may have on my system to exploits?

The network service account is a limited permission account (as you have already found out) so if your ASP.NET application has a bug, for instance, that it's limited as to the damage it could do.

Say, for instance, that your code did some computation on user input and required permissions to write out to the file system based on that user input. Thus, user input is used in determining where the file access occurs (dangerous, but it happens).

The first layer is the .NET CAS (Code Access Security) system. Your code can limit it's own permission set. So if you were doing a potentially dangerous act like touching the file system, your code could explicitly state that it couldn't access anything outside of some temp directory it owned. Thus if for any reason the file location that you end up trying to use is outside the bounds set by the application itself, it would simply result in a failure, no harm done. Of course, by default an ASP.NET 1.1 app won't have permissions to the file system at all. The initial permission set is determined by the <ProcessModel> tag in the %systemroot%\microsoft.net\framework\<version>\config\machine.config file. Check it out if you want. The predefined permission level map to those CAS permission sets you see in the .NET security policy editor (available in the control panels, or directly at %systemroot%\Microsoft.NET\Framework\v1.1.4322\mscorcfg.msc).

The second level of permissions are those at the OS level. This is why ASP.NET runs as a special process. Be defualt the process that ASP.NET runs under is limited to what's absolutely necessary to serve net requests.

Preventing ASP.NET from running under the network service process would likely make the system less secure, but there are other levels of protection in place. The account that ASP.NET uses is also set through the process model tag mentioned earlier.

 

[figgie]

That ASPNET user is the key to ASP.NET

without ASPNET user , .NET will not work. It will give you errors especially for security.

BTW

http://www.sysinternals.com/ntw2k/source/filemon.shtml

this will tell you which files you are getting an access is denied and for what user. Very helpful tool to help you troubleshoot problems as the one you encountered

 

[[MS]]

Originally posted by figgie
That ASPNET user is the key to ASP.NET

without ASPNET user , .NET will not work. It will give you errors especially for security.

Actually, that's not the case at all.

You can disable that account and run ASP.NET under any account you want (through the means I already described). By default though it runs under a restricted account because that's more secure.