We have two Win2k3 servers here, one is a domain controller and the other our webserver.
I'm running an ASP.NET MVC web app setup as a website in IIS on the webserver.
I've copied across the x86 remote debugging tools to the webserver, logged in to an admin account and ran msvsmon. I added the user I'm logged into my workstation as to the permissions list.
Opened up the web app project in VS2008 and went to Attach to Process, here are my settings:
Transport: Default
Qualifier: OURDOMAIN\AdminUsername#OURWEBSERVER
Attach To: Managed Code
Selected: w3wp.exe
Upon clicking Attach, the windows flicker for a few seconds and then I get:
Unable to attach to the process. Access is denied.
I've tried right-clicking msvsmon and using Run As to run it under the same account as I'm logged into my machine, but still no difference.
However, if I change the Attach To field to Auto: Native Code, it attaches fine, but I can't debug any of my managed .NET code.
This has me baffled - any ideas?
Anthony
Have you seen this article?
http://support.microsoft.com/default.aspx?scid=kb;en-us;833977&Product=vsnet
It's not clear from your question, but remote debugging requires that the user you are logged into on the remote machine exist on your local machine as well. You basically have to create a local account on your dev machine (yes, that sounds backwards). I'm not sure it respects domain accounts.
Is the code sitting precompiled on the server or in individual uncompiled .cs files?
I've tried right-clicking msvsmon and
using Run As to run it under the same
account as I'm logged into my machine,
but still no difference.
Did you add that account as an administrator in the server? I would try that, and instead of doing Run As, I would effectively log in with that account.
When running server and client in different domains, the plot thickens slightly. In those cases, the trick I use is to create a local account with the same name and same password on both machines. Login with the same account (it is not really the same account) in both machines and launch the remote debugger on the server and VS on the client. If any of the machines in this scenario is running Windows XP, you have to change the Local Security Policy, "Network access: Sharing and security model for local accounts", under "Security Options", to "Classic - local users authenticate themselves".
I have yet to see this work across domains. As with #paul-mrozowski, I've been able to do it on the same domain so long as the user running the debugger server matches your local user AND your able to properly auth against the machine. That last bit can be hampered by firewall configurations.
Related
I'm trying to track down why when the web app accesses a network drive, I see Network path not found (error 53). When I log into the server I can open up a file on that drive with no problem. But the application (asp.net) cannot. I was wondering if this was a permissions error and that lead me to try to find out what the usename of the app is and where I would find that out.
It depends on your OS version and your security settings. Your web-site should have an app pool assigned to it (which may be shared with other applications). By default in windows server 2008R2 the pseudo account ApplicationPoolIdentity is used, which is not really an account.
IIS Accounts
You can check under advanced settings for the app pool and see what it is using. I believe if you have impersonation set up in your web.config, the app pool will access resources using the credentials of whomever is using the application--you can use Kieran's snippet to get that information.
I am developing on my local machine (Windows 7), and using IIS 7. I usually create a new website by right clicking on sites -> Add New Site. Then do the usual stuff by pointing to the physical files, and I'd stop all other websites which I didnt need. I could then run the site on port 80 without any binding conflicts.
I then recently started doing some ASP.NET development. When I published from my VS 2010 to local host I could run the website, and it all worked great. I then stopped the site (asp.net) but I couldnt start any of the other sites (not even the default). I am not sure why.
I started to read about App Pools and someone said to remove all the application pools. So I removed all my application pools (except the default app pool), and I also removed all the websites (as they had a red x next to them).
I now cannot start the default site as the restart, start and stop are greyed out. I cannot find out any way to reset the IIS server. One error I have received is;
the object identifier does not represent a valid object iis7
I dont know really know what this means, and when I search for this error it seems that many people have come across this error but in different contexts.
Is there any way to reset IIS so I can build simple websites again? Do I need to uninstall IIS and reInstall?
Uninstall IIS and reinstall would probably be the easiest and fastest way to accomplish this.
Other than that check the event logs see if you can find any clues there.
You'll want to ensure there is a one-to-one relationship between the number of sites & the app pools that host them. If they are 32-bit apps hosted on a 64-bit server, you'll need to enable this property (set it to True) on the app pool you want to use for your site. You'll want to run:
C:\inetpub\AdminScripts>cscript adsutil SET W3SVC/AppPools/Enable32bitapponWin64 1
The .NET Framework obviously needs to be installed, but then the separate step of running the ASP installation command needs to be done (C:\Windows\Microsoft.NET\Framework\v2.0.xxxx\aspnet_regiis.exe -i). If it already is, re-install them - it could be malfunctioning/corrupt.
After all that, I noticed IIS 7 puts on this generic app pool identity account to run the app pool with. I created a service account, gave this account Admin rights just to see if the site would run, and added it onto the app pool as the "Custom account". I no longer get the HTTP 503 error. The account should have the "Log on as a service" and "Log on as a batch job" rights. If it will be using impersonation and going out to a SQL database, the "Impersonate client after authentication" and "Allow log on locally" rights are also needed (hence why I like just giving it admin privileges to see if it works, first).
I found similar looking issues, however none of the solution i found have worked for me. I do not have much knowledge about IIS or network security so posting my issue here. If anyone has any comments, i would really appreciate.
I am running my webApplication under IIS7.5 on windows server 2008.
-Web Server Machine is not domain controlled.
-Through web application, I am trying to access a network Shared location (machine1 which is also not domain controlled).
I keep on getting this error "System.UnauthorizedAccessException: Access to the path "\\Machine1\Shared\Test.txt" is denied." I am using UNC Path.
I shared the network shared directory with Full permissions to various users including, "everyone", "Network service", "IUSR", "IIS_IUSRS". Just to see it working firstly.
web application is running under IIS in their own application pool with "Managed pipeline mode" as classic and "Identity" as "Network Service".
Note: even tried changing mode to "integrated". It did not work.
I want to run IIS under Network Service. Running IIS under any other user account matching with an user account on network shared is not a solution for me either.
Even though i tried it, could not make it working.
I used process monitor on the network computer which has shared directory and i was expecting network service to access the file, however i do not see any process trying to access the file or create it. I am not sure either Which process is expected to access this file and under which account?
Looking for help.
Every time the ASP.NET application in question throws an error the Global.asax writes to an error file: logs\error.log. The ASP.NET applications works using Windows authentication.
I am able to write to the log file when debugging using Visual Studio, however it does not work when the application is deployed in the live environment. How do I find out what user account I need to give access to: logs/error.log?
The application is deployed on a Windows 2003 Server with IIS6. Microsoft.NET 3.5.
You would have to give the required permissions to the network service account. This link might be able to help you out.
Windows Server 2003 defaults to the "Network Service" account.
This can be verified by opening IIS (expand the computer if needed), expand the "Application Pools" folder, right click on the pool used by your web app, and go to the Identity tab.
FYI: Windows Server 2008 uses the IIS_IUSER instead of Network Services.
I hope that logs folder is a virtual directory setup outside the web site directory.
Otherwise every time you deploy the entire solution you will overwrite the logs folder and its content.
Microsoft has a tool for monitoring file access that can be useful for troubleshooting permission issues.
Process Monitor - http://technet.microsoft.com/en-us/sysinternals/bb896645
You will also want to check if your application is using windows authentication & identity impersonation since that can change the identity the application is executing with when enabled.
My web service needs to open some files located on a remote computer.
From Windows I can do the authentication so I can see those files using the File Explorer.
If I try to open the files from my Web Service while it's running using Visual Studio (ASP.NET Development Server) it also works.
However, if I do everything from IIS it doesn't.
In order to find out where is the problem what I did was to run a network sniffer and I found out that when using IIS, the system will try to use the account 'ASPNET' to login into those remote computers which will obviously fail.
However this doesn't happen if I run from the IDE (Using the ASP.NET Development Server)
I found out that if I use Impersonation for accessing this it will work, the problem is I need to have the same account names on the computer running IIS so I would rather not to do that.
Why is it working from the ASP.NET Development Server and not from IIS? Is there a way to give full access to the ASPNET account?
Thanks and hopefully somebody will be able to help with this. I don't know what else to try...
Any request on IIS is served by the ASPNET user. So the user ASPNET is working. I think you are using XP. On Win2K3 etc, the user is Network Service
But the Cassini (Visual Studio Dev server) runs under the current logged in user.
So the difference is. You need to use impersonation for your need.