Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
Article ID: 311094 - Last Review: March 26, 2003 - Revision: 2.1
FIX: "ConfigurationException" Error Message When Impersonated Accounts Read Configuration
This article was previously published under Q311094
SYMPTOMS
If your Web server is under high memory consumption, you may receive the following error message when you browse to ASP.NET pages:
[ConfigurationException]: The XML file c:\inetpub\wwwroot\ASPNETAPP\web.config could not be loaded.
Access to the path "c:\inetpub\wwwroot\ASPNETAPP\web.config" is denied.(c:\inetpub\wwwroot\ASPNETAPP\web.config)
After you receive this error, any other users who access this application receive the error as well, even if they have sufficient permissions to read the configuration files.
CAUSE
When an application is activated, ASP.NET uses the process identity to read configuration data. The configuration data is then cached and reused across subsequent requests.
However, under high memory consumption, ASP.NET may discard configuration data from the cache, which forces it to be read again when it is needed. When this occurs, ASP.NET can use the impersonated identity rather than the process identity to read the configuration data.
This problem does not occur if impersonation is not used for a given
application. In that scenario, only the account in which the process is configured to run needs Read access to the configuration files.
RESOLUTION
To work around this problem, ensure that the accounts under which you may run code have Read (R) access to the configuration files in the application hierarchy. After you apply the Read permissions, restart Microsoft Internet Information Server (IIS).
STATUS
Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.
This bug was corrected in ASP.NET (included with the .NET Framework) 1.1.
MORE INFORMATION
The default configuration of ASP.NET does not allow configuration files to be accessed through the Web space, regardless of Access Control Lists (ACLs) on the configuration file.
REFERENCES
For an overview on ASP.NET security, see the following Microsoft Knowledge Base article:
306590Â
(http://kbalertz.com/Feedback.aspx?kbNumber=306590/EN-US/
)
INFO: ASP.NET Security Overview
| kbfix kbbug kbconfig kbpending kbreadme kbsecurity KB311094 |
Retired KB Content DisclaimerThis article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate
Be the first to leave feedback, to help others about this knowledge base
article.
(Optional) Name
(Optional)
Public URL Or Email
Comments
No
HTML -- Text Only Please