VS.NET 2005 and the "allowDefinition='MachineToApplication'" error
death...@gmail.com
Visual Studio .NET 2005 -- it worked, I saved it and closed the
project. Today, I came back to the project, reopened the solution, and
was greeted with the following error:
========================================================================
It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level. This
error can be caused by a virtual directory not being configured as an
application in IIS.
========================================================================
I did some searching on Google, and all of the solutions to this
problem involved tweaking IIS. The thing is, I didn't have to touch
IIS when I wrote, compiled and ran the ASPX the first time around --
why would I have to do it during a subsequent visit?
If anybody has any suggestions on how to resolve this problem, I would
greatly like to hear them. Thanks in advance!
-= Tek Boy =-
Alvin Bruney [MVP]
it *somehow became unmapped. If it is, just create a new virtual directory
pointed to the application. And watch out for the little elves that change
things when no one is looking :-)
--
________________________
Warm regards,
Alvin Bruney [MVP ASP.NET]
[Shameless Author plug]
Professional VSTO.NET - Wrox/Wiley
The O.W.C. Black Book with .NET
www.lulu.com/owc, Amazon
Blog: http://www.msmvps.com/blogs/alvin
-------------------------------------------------------
<death...@gmail.com> wrote in message
news:1163111193.7...@f16g2000cwb.googlegroups.com...
Peter Bromberg [C# MVP]
an IIS application.
Peter
--
Co-founder, Eggheadcafe.com developer portal:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com
death...@gmail.com
touched IIS on my machine to date, which is running a vanilla
installation of Windows XP Professional and Visual Studio .NET 2005.
Do I need to create a virtual directory for each and every project I
want to test?
I thought VS.NET 2005 came with its own internal IIS-Lite webserver,
which is why you can debug a project without configuring IIS, and which
is why you also see a dynamic port number when you debug a script
without actually deploying it. Is that belief mistaken?
-= Tek Boy =-
death...@gmail.com
first time around, but I'll give this a shot, anyway.
How do I configure a web project as an IIS application? I'm running
Windows XP Professional, so I can only have one IIS "web site". I
tried setting up a virtual directory beneath the default web site that
pointed to the folder where my code lives, and made sure the "Virtual
Directory > Application Settings > Application name" field in IIS had a
value (it does). When I tried to access the application
(http://localhost:99/tinkering/FirstPage.aspx), I get the following
error:
==========================================
Server Application Unavailable
The web application you are attempting to access on this web server is
currently unavailable. Please hit the "Refresh" button in your web
browser to retry your request.
Administrator Note: An error message detailing the cause of this
specific request failure can be found in the application event log of
the web server. Please review this log entry to discover what caused
this error to occur.
==========================================
So I went ahead and opened up the "Event Viewer > Application" window,
where I saw the following detailed error message:
==========================================
Failed to execute the request because the ASP.NET process identity does
not have read permissions to the global assembly cache. Error:
0x80070005 Access is denied.
==========================================
I've heard of the GAC, but I don't know enough about it to fix my
problem, or even know where to start.
-= Tek Boy =-
Juan T. Llibre
> Do I need to create a virtual directory for each and every project I
> want to test?
No. Only for the ones which use sections defined as
allowDefinition='MachineToApplication' in its configuration file.
re:
> Is that belief mistaken?
No, it's not, but the same rules apply for the internal web server as for IIS.
If you need to use 'MachineToApplication' sections, you must create a virtual directory.
Take a look at machine.config.comments in:
Drive:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG
Search for allowDefinition="MachineToApplication" in that file.
You will find 17 sections marked as allowDefinition="MachineToApplication".
If you use any of those sections, you'll need to create a virtual directory.
If you don't use any of those sections, you don't need to create a virtual directory.
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
<death...@gmail.com> wrote in message
news:1163169612.2...@m73g2000cwd.googlegroups.com...
death...@gmail.com
So whether or not I need to use a virtual directory depends on whether
I make use of any of the sections that have
[allowDefinition='MachineToApplication'] in machine.config.comments?
I'm assuming I can determine what sections I use by poring over all the
"using <namespace>" statements at the top of my code-behind -- is that
correct? Here's a list of those using statements from the top of my
codebehind (CS) page:
==============================================
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Globalization;
==============================================
>From what I can tell, I don't use any of the namespaces
[allowDefinition='MachineToApplication'] declared in the
machine.config.comments file. Or am I still missing something?
-= Tek Boy=-
Peter Bromberg [C# MVP]
80. Are you sure you aren't confusing this with the built-in VS2005
development web server, whic always uses a random non-defauilt port ?
Juan T. Llibre
> Failed to execute the request because the ASP.NET process identity does
> not have read permissions to the global assembly cache. Error:
> 0x80070005 Access is denied.
> problem, or even know where to start.
The GAC is located in the directory : \windows\assembly.
Your ASP.NET identity doesn't have permission to read/execute the files in the GAC
Did you change the ASP.NET identity from the default MachineName\ASPNET ?
( for Windows XP installations... )
If you haven't changed the default identity ( by impersonating a different account... ),
you'll need to assign sufficient permissions to MachineName\ASPNET for that directory.
Warning :
You cannot use Windows Explorer to directly edit ACLs for this folder.
Instead, run the following command using your machine's name in place of MachineName:
cacls %windir%\assembly /e /t /p MachineName\ASPNET:R
That will assign, to your ASP.NET identity (MachineName\ASPNET),
the permissions needed to access the assemblies in the GAC.
If you are impersonating a different account, either change the impersonated account
to MachineName\ASPNET, or assign the permissions to the account you're using.
If you did change the impersonated account, you might also have to assign permission
to access, to that account, the directories listed in this MSDN article :
http://msdn2.microsoft.com/en-us/library/kwzs111e.aspx
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
<death...@gmail.com> wrote in message
news:1163170406.5...@k70g2000cwa.googlegroups.com...
Juan T. Llibre
in order to override default settings set in machine.config.
Check your web.config...and see which setting you're using which overrides a default
machine.config setting which is configured as allowDefinition='MachineToApplication'.
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
<death...@gmail.com> wrote in message
news:1163171471.1...@e3g2000cwe.googlegroups.com...
death...@gmail.com
My apologies: my boss told me he changed the default port from 80 to 99
for security reasons. I just changed it back and tried to access the
page again (http://localhost/tinkering/FirstPage.aspx), but the same
errors appeared, both on the ASPX page and in the Application log.
death...@gmail.com
I ran the script you suggested, replacing the [MachineName] placeholder
text with my own computer's name. A whole list of stuff was displayed
(the names of the files that had permissions recursively applied to
them?), so I assume it worked, but is there a way to confirm or view
who has permission to access to GAC? When I view the
[\windows\assembly]'s properties (right-click folder > Properties), a
Security tab isn't present, so I'm guessing it's a special folder...
Anyway, I re-started IIS and tried to access my ASPX page again -- same
problem. Btw, while re-checking the Application log I noticed a
warning before the GAC errors occurred:
==========================================
Exception: System.IO.FileLoadException
Message: Could not load file or assembly 'System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its
dependencies. Access is denied.
==========================================
I'm not sure if that helps, or merely confirms that the problem is
related to GAC permissions, but I thought I'd post it just in case. I
don't believe I changed the ASP.NET default identity, but just in
case, is there a way to reset it -- or is that what your script did?
I'm more than happy to reset any necessary settings... this is my dev
machine, after all.
-= Tek Boy =-
Juan T. Llibre
> I don't believe I changed the ASP.NET default identity, but just in
> case, is there a way to reset it -- or is that what your script did?
The script only assigned access permissions to MachineName\ASPNET
It doesn't change the default identity.
The only way to "reset" the impersonated account is to
manually change the impersonation web.config entry:
<identity impersonate="true" username="SomeAccount" password="P@ssw0rd" />
If you want to use the default configured account, eliminate that entry, or configure it as :
<identity impersonate = "false" />
Did you check to see that the directories listed at :
http://msdn2.microsoft.com/en-us/library/kwzs111e.aspx
allow access to the machinename\ASPNET account ?
The easiest way to assign correct permissions to all required directories is to run :
aspnet_regiis -ga MachineName\ASPNET
from a command-line in the .Net Framework directory
( assuming that MachineName\ASPNET is the configured ASP.NET identity )
You may as well verify the account which ASP.NET is running as.
To do that, save the following code as "identity.aspx" and run it.
identity.aspx:
-------------------
<%@ Page Language="VB" %>
<%@ Import NameSpace = System.Security.Principal %>
<script runat="server">
Sub Page_Load()
Dim tmp As String = WindowsIdentity.GetCurrent.Name()
Label1.Text = "ASP.NET is running as the account : " & tmp
End Sub
</script>
<html>
<head>
<title>What account is ASP.NET running as ?</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Label ID="Label1" Runat="server" Text="Label"></asp:Label>
</div>
</form>
</body>
</html>
------------
Running that script will return the configured ASP.NET account.
The above suggestions ONLY work if you're using the .Net Framework 2.0.
Make sure your virtual directory is configured to use it ( in the MMC's ASP.NET tab ).
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
<death...@gmail.com> wrote in message
news:1163173703.9...@h54g2000cwb.googlegroups.com...
death...@gmail.com
here's my directory structure:
C:\...\tinkering\ (set up as a virtual directory:
http://localhost/tinkering/)
======================================================
\tinkering\GeneralFunctionsAttempt01\
\tinkering\GeneralFunctionsAttempt01\Default.aspx
\tinkering\GeneralFunctionsAttempt01\Default.aspx\Default.aspx.cs
\tinkering\GeneralFunctionsAttempt01\Web.config
\tinkering\FirstPage.aspx
\tinkering\FirstPage.aspx\FirstPage.aspx.cs
\tinkering\Global.asax
\tinkering\Tinkering.sln
\tinkering\Web.config
======================================================
I was trying to run the ASPX script at
http://localhost/tinkering/FirstPage.aspx, so I had opened the
directory in Visual Studio .NET 2005 (File > Open Web Site >
[C:\...\tinkering\] ). When I tried to compile everything (F5), errors
were raised. However, once I excluded
[\tinkering\GeneralFunctionsAttempt01\Web.config] from the project,
everything recompiled again. My guess is that I created the
[GeneralFunctionsAttempt01] project a few days ago, then created the
[FirstPage.aspx] project in the parent folder -- and that might have
caused problems.
Including [\tinkering\GeneralFunctionsAttempt01\Web.config] still
causes compiling [\tinkering] to fail. Are Web.config files only
allowed in virtual directory and IIS website root directories?
-= Tek Boy =-
death...@gmail.com
around in many threads, but I always thought it had to do with
traditional ACL / security settings -- I didn't realize it was an
ASP.NET config file setting until just now. So thank you for that.
I just posted ( http://tinyurl.com/yh3als ) a reply to my original,
top-level cry for help. Long story short: I think the problem was that
I had another folder with ASPX code (and a Web.config file) nested
within the folder I was trying to compile. I'm guessing -- and please
correct me if I'm wrong -- that you can only have a Web.config file in
the root directory of the folder you're trying to compile, or the root
directory of folders that are set up as virtual directories (and
therefore have values for Application Name and Starting Point in IIS).
Does any of that make sense? I'm working backwards, trying to figure
out how things work based on when I encounter errors. You, OTOH, know
more about why things work they way they do, and I'm hoping you can
confirm or refute my ideas based on your experience.
Peter Bromberg [C# MVP]
If you have a web.config in a lower folder that ISN'T an IIS application,
that's the message you will get.
Juan T. Llibre
> Are Web.config files only allowed in virtual directory and IIS website root directories?
You can include a web.config file in every directory you have in your app.
The only warning is that you can't include MachineToApplication configurations
in web.config files in directories which haven't been configured as virtual directories.
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
<death...@gmail.com> wrote in message
news:1163176970.6...@m73g2000cwd.googlegroups.com...
death...@gmail.com
So we're saying the same thing, then? That I'll run into problems if I
include Web.config in any directory besides the root, AND has not been
configured as a virtual directory? And _that_ is what the
MachineToApplication error indicates?
-= Tek Boy =-
Juan T. Llibre
<compilation debug="true"/>
<authentication mode="Windows"/>
from \tinkering\GeneralFunctionsAttempt01\Web.config
\tinkering\GeneralFunctionsAttempt01 will inherit those settings from the root web.config.
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
<death...@gmail.com> wrote in message
news:1163185159.0...@k70g2000cwa.googlegroups.com...
Then I'm still fuzzy on how I'm making use of MachineToApplication
configurations. Here's the content of the
[\tinkering\GeneralFunctionsAttempt01\Web.config] file -- the file
that, if I exclude it from the project, allows me to recompile
successfully again.
[C:\...\tinkering\GeneralFunctionsAttempt01\Web.config]
===============================
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="pageTitlePrefix" value="[Testing.com]"/>
</appSettings>
<connectionStrings>
<add name="MasterDatabase" connectionString="[removed]"/>
</connectionStrings>
<system.web>
<compilation debug="true"/>
<authentication mode="Windows"/>
</system.web>
</configuration>
===============================
And here's the Web.config file from the root folder I have opened in
VS.NET 2005:
[C:\...\tinkering\GeneralFunctionsAttempt01\Web.config]
===============================
<?xml version="1.0"?>
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<compilation debug="true"/>
<authentication mode="Windows"/>
</system.web>
</configuration>
===============================
I don't see anything at all about MachineToApplication configurations
in either one of those files. Or am I still missing some central idea
here?
-= Tek Boy =-
Juan T. Llibre
> I'll run into problems if I include Web.config in any directory besides the root,
> AND has not been configured as a virtual directory?
You can include web.config in any directory, as long as
that web.config doesn't include any MachineToApplication
configurations, if the directory isn't a virtual directory.
See my just-sent reply.
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
<death...@gmail.com> wrote in message
news:1163185690....@m73g2000cwd.googlegroups.com...
death...@gmail.com
I was able to resolve my problem (see end of this post) with the help
of Juan T. Llibre, Peter Bromberg and Alvin Bruney. I'm posting a
summary of what the problem was, and how I solved it, in case anybody
else happens across this post.
1) The error message I saw occurred because I had two Web.config files
in my application: one in the root folder (which is OK), and one in a
subfolder (which was causing the problem). Here's what my problematic
Web.config file looked like:
========================================================================
<?xml version="1.0"?>
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<compilation debug="true"/>
<authentication mode="Windows"/>
</system.web>
</configuration>
========================================================================
2) Everything looks correct. However, I make use of the <compilation>
and <authentication> elements, which is where the "
allowDefinition='MachineToApplication'" error message comes from. At
Juan T. Llibre's direction, I opened up the machine.config file for the
version of the .NET Framework v2.0 I was using: for me, that file was
located at [
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config ].
I then did a string search in that file for [
allowDefinition="MachineToApplication" ], at which point I came across
the following lines of code:
========================================================================
<section name="authentication" type="<snip>"
allowDefinition="MachineToApplication" />
...
<section name="compilation" type="<snip>"
allowDefinition="MachineToApplication" />
========================================================================
3) You'll notice that the "name" property of each of those sections ([
name="authentication" ], [ name="compilation" ] matches the name of
the elements from my Web.config file ( <authentication>, <compilation>
). MSDN documentation ( http://tinyurl.com/y9lyc4 , "allowDefinition >
MachineToApplication" section ) gave me a bit more information about
what that "MachineToApplication" value means:
========================================================================
MachineToApplication - Allows the section to be configured in one of
the following files:
- Machine.config.
- Root Web.config.
- Web.config for an application.
This excludes Web.config files in virtual directories or a physical
subdirectory in the application.
========================================================================
4) The solution, which Juan T. Llibre ended up providing me, was to
remove the <compilation> and <authentication> elements from the
Web.config file in the subdirectory BELOW THE ROOT FOLDER. In my case,
I didn't have a reason to keep that file, so I deleted it, but here's
what it would have looked like:
========================================================================
<?xml version="1.0"?>
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
</system.web>
</configuration>
========================================================================
Thanks to everybody who helped walk me through this Scooby-Doo mystery
over the course a full workday. I really appreciate the help!
-= Tek Boy =-
death...@gmail.com
your help... I really, really appreciate it.
Juan T. Llibre
> Thank you again for your help... I really, really appreciate it.
You're really, really, welcome!
;-)
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
<death...@gmail.com> wrote in message
news:1163431093.4...@h48g2000cwc.googlegroups.com...