Sitecore permissions issue - asp.net

I have a sitecore site running on .NET 4.0 and IIS 7.5 on Windows 7 machine.
While setting up sitecore, I had installed only the sitecore client and then set up IIS7. I think some permissions have got messed up because of that.
Whenever I try to change a code file in my website in Visual Studio, it gives me a message that I don't have any permissions to modify the files. I can overwrite the existing one, however, this is not normal.
Also, I have ApplicationPoolIdentity set as my Identity for my Application Pool. Whenever I try to go to sitecore desktop it doesn't work, however I can go to content editor upon login. Even after logging in, if I try to go to sitecore desktop mode like /sitecore/shell/default.aspx, the page never loads and the progress wheel just keeps spinning.
It happens in FF, Chrome and IE so it can't be a browser issue.
I checked the permissions of various folder and they all look fine. System, Administrator and Local computer user have full control on the website folder and the files and folders underneath it.
It would be great if someone can help in trying to figure out the right configuration and settings for my website folder.

Firstly, as per the best practice of installing Sitecore, we should set the identity as NetworkService.
So please do 2 things:
Change the Identity in Application Pool as Network Service
Make sure that Website and all its descendants + the Data Folder and all its descendants have Read & Write access for Network Service.
Mostly this should work.
Regards,
Varun Shringarpure

Does IUSR have "Read" permissions on the \Website folder and on all descendants?
Additionally, you may want to look at the Sitecore logs under the \Data\logs folder. You may be having a database connectivity issue that may show up there.

Related

ASP.NET - Publishing a web site to IIS

What is the difference between publishing a website to {localdrive}\inetpub\wwwroot and anywhere else on the web server e.g. C:\Website.
I have noticed that I am always left with a directory and a website in the IIS console if I publish to {localdrive}\inetpub\wwwroot.
After reading articles on MSDN, I am still unclear of the difference. I realise that there is probably a simpe answer to this, but I cannot find it.
The web path / is already mapped to c:\inetpub\wwwroot, so /abc is mapped to c:\inetpub\wwwroot\abc automatically.
When you publish to c:\website, you need to set up a virtual path manually.
Nothing too much as your website path in IIS can point to any directory. However, that being said always double check your directory permissions and security settings. In addition, I guess if a hacker did compromised your webserver... the default c:\inetpub\wwwroot is well known.
And just for good measure in case you are having issues - check out the Aspnet_regiis.exe tool on MSDN as it usually solves a lot of issues for folks.
{localdrive}\inetpub\wwwroot is usually used for the default web site that comes with IIS.
Additional Microsoft products use the same directory and take advantage of the virtual directories that exist in the default site.
If this is your personal web site, or a web site you created from scratch, you can publish anywhere you want.
Before you publish, you need to make sure IIS knows where the directory will be, and you need to assign the correct permissions for that folder.
The default website in IIS is mapped to C:\inetpub\wwwroot by default, so publishing to wwwroot makes it easy to add applications as virtual directories.
However, you can publish wherever you like, and either point a virtual directory or new website at your publication location. You simply need to make sure user the App Pool is running as (usually IUSR under IIS7, IUSR_MachineName under previous versions) has read/execute permissions on the folder you are publishing to.
Although they say Virtual Directory created by default for your website in wwwroot and you don't have to configure it again. Many times I found we still have to go there and click on Remove and then click on Create button again :)
Thus it is almost no problem if you create your website outside wwwroot, only difference outside you have to give full path of VD and inside you have to click Remove and then Create button
The problem I had was different from all of the above. I was trying to publish in "C:\inetpub\wwwroot" and the publish failed every time. Than i changed the publish folder to another and it worked. When I launched visual studio as administrator I could copy to C:\inetpub\wwwroot also without problems

How to set up a asp.net application on IIS

I've copied a whole folder which keeps a website inside from a web server to another computer.From the original server I can easily run the web application. Now I need to know what exactly I have to do in order to be able to run the application on the second computer too. I think there are some special considerations with IIS. What and how do I have to set up in IIS?
Follow these steps.
create a new site from left menu By right clicking and add new website.
Give physical path to that folder
Map with the site url
Give permissions to Directory as (like everyone)
Set up the default page if (index page is not present in the directory)
Set framework which ever you are using.
Install the IIS Windows component for whatever version of Windows you're using.
Create a new site in IIS
Point this new site to your web root
Configure DNS for the site (maybe using your hosts file)
There are some considerations to make depending on which version of IIS you are using. It would be helpful to know if you are using 6 or 7.
If you are under 7, you need to copy the site to your IIS directory (typically wwwroot) and then setup the basic settings in IIS by choosing your application pool and such. Application pools are typically (but not always) setup by .Net Framework. You may need to setup your default page and set it as an application. There are many blogs and sites out there that will tell you how to setup this basic functionality but are specific to your application.
For configuring IIS
1. Firstly, in Programs and features go to Turn on and off windows features...in that tick everything under IIS..go to sub folder and tick everything everywhere
Go to Internet Explorer> Setting> Internet Options> Advanced> untick Show friendly http error messages option
Go to IIS manager
a. In default application pool> advanced settings > Set true enable 32-bit program option
b. Go to Asp> setting> expand debugging properties> there will an option of error messages some 2nd last or last option that would be false...set it to true..apply changes
Run vbscript and asp only in Internet Explorer (edge 10 in developer options for pop ups)

IIS 7 - Static Content Attempting Authentication

I have a WebForms application hosted in IIS 7. When I run the site from Visual Studio 2010, my static content all loads perfectly. We have the same site hosted in another production environment and the site works great there also.
However, when I am trying to host the site in a new production environment, it is giving me a status code of 302 Found whenever it attempts to load the static content.
When I open up Chrome's Developer Console and look at the network, it shows this:
/login.aspx?ReturnUrl=%2fjs%2fjquery.js
This leads me to believe that something in IIS7 is forcing authentication to occur on static content. Is there anything I should check to see what the likely cause of this problem is?
Ok, for whatever reason, I had to add the IUSR user and give it access to Read on my web apps. I am not sure what changed that made this a requirement. If anyone knows, please feel free to add comments.
If you set the same permissions as for wwwroot folder the problem disappears:
Users and IIS_IUSRS - read access

No access to files in iis7 mvc app - server 2008 r2

I've just installed windows server 2008 r2 along with visual studio and dropbox. I'm using it as a VM for development and dropbox helps me keep my files in sync with other machines.
I've got my site set up in IIS but I'm getting an access denied error when trying to view the site. I've had this before and to get around it in the past I've gone through and added the IIS_User account to the list of permissions to read/modify the files. I assume because the file's have been copied down with drop box the files don't have the necessary permissions. Here's the bugger, I can't batch update the files by modifying permissions on a folder, I'm having to do it right to the file level and even worse, one at a time! I can't have this.
I'm relatively new to 2008 r2 and IIS 7 so I have no idea what's happening here. Can someone explain what is going on and if there's an IIS/file permission setting I can update to resolve it at the top level folder?
I've tried adding anonymous permssions on the website in IIS and I've added permissions on the folder for IIS_User (even Everyone). I have an Administrator account and that's already set to allow me to read/write/modify the files.
This is typically the message I'm getting 'An error occurred loading a configuration file: Access to the path X is denied'.
This is happening on ascx & aspx files as well as config files.
Edits:
The site is visible when debugging from Visual Studio.
The site is operating in Full Trust (internal)
Please help, this is stopping me from working and driving me insane!
By default in IIS 7, websites run as the local system's network account (NetworkService), not as IIS_User.
To verify, in IIS Manager, select the Site in question, click Basic Settings... and check the Application Pool it is assigned to. Then go into Application Pools and check the Identity for that Application Pool. Make sure that user listed is in the ACL.
Adding Everyone to the ACL should work instead, but just in case I would suggest you check the above. Also of course make sure when you set the ACL to check the box for resetting inheritance on all subfolders, if that is appropriate for your application.
You could also try setting the identity of the application pool to a local (or domain) user you have created which has access to your application directory.
Hope that helps.
Regarding whether other identities would work for your app pool, that depends entirely on whether those identities have permissions to all the files and/or databases and other resources you application needs to access. Right now you have the application running under your user account, which is generally not recommended. IIS has your password cached, and if you change it, your application will stop working until you update the application pool configuration.
As far as setting NTFS permissions, it can get tricky. Once you have disabled permissions inheritance, that file or folder will need to be updated individually every time you need a permission change. The flip side of this is that you cannot remove inherited entries on an ACL, you can only add to them. However you can design a strategy that offers a baseline level of permission at the root of a file structure, and then add permissions to subfolders/files.
In order to check & reset inheritance on a folder, go into its properties, security tab, click advanced, then click Edit. You can see whether this folder inherits permissions from its parent, and optionally wipe out all subfolder/file permissions and enable inheritance on all child folders & files.
Hope this helps.

Quick Question About IIS 7 Asp.Net Setup

I have been trying to configure a small website on a Windows Server 2008 running IIS 7. Unfortunately, when trying to load the website I keep getting the error: Server Error 401 - Unauthorized: Access is denied due to invalid credentials.
The permissions on the website folder include read, write, and execute for user ASP.NET v4.0. I even clicked "Check names" before adding the user to folder, to make sure that I spelled everything correctly. But the error continues to show. Also, I noticed that everything works okay if I add "Users" to the permissions for the folders containing the website, but I don't see why this should be necessary. I only want to give ASP.NET v4.0 access to the folder.
Some other noteworthy points include that I'm using the ASP.NET v4.0 application pool, that the managed pipeline is integrated, and that load user profile is set to true.
If anyone has any ideas, I'd appreciated the help. I'm stumped!
EDIT: Does it matter that the website is on the d: drive? I just assumed this wasn't important...
I find I always need to give IIS_IUSRS access.
I'd recommend you to use the Process Monitor to detect which user is actually accessing the file.
Here you'll find an explanation about how to achieve that.
Open IIS7 on the server. Highlight the site, and double-click on the Authentication icon in the Security Section. Check that Anonymous Authentication is enabled.
Some troubleshooting links for this particular issue:
http://support.microsoft.com/kb/902160
http://support.microsoft.com/kb/907273

Resources