This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ScottVA
Level 3
‎Feb 05, 2009 03:48 PM

Weird ACL/Permission Behavior with IIS Virtual Directories

I'm part of a team creating installers (Basic MSI) for some custom applications that our organization has developed. We have a collection of services that get installed into virtual directories in IIS. One of our security measures is to implement access priviliges through permission assignment to the physical path that the virtual directories reference.

Everything appears to be working but there is some weird behavior we are seeing when we attempt to access those virtual directories for the first time after an installation.

We have files within each virtual directory that can be browsed as a quick check to make sure the service is running. When we browse the file (by right-clicking the file in the virtual directory listing in Microsoft IIS 6.0 and selecting browse), we normally see the expected display except on the first run. If it's the first time, we get a "Configuration Error":

"An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately...An error occurred loading a configuration file: Failed to start monitoring changes to '' because access is denied."

Regardless of the virtual directory I use to attempt access the first time, I get this error. All I have to do to correct it is modify a single permission setting and then all virtual directory files behave as expected. I can modify the permission using Windows Explorer or by using the IIS GUI. I can change the permission (clicking OK to close the dialog) and then immediately change it back and it fixes it. What doesn't fix it is restarting IIS or rebooting.

Our installer sets up the ACLs for these virtual directories and appears to apply them just fine. But something is happening here that we are unable, and under a time crunch, to figure out. Has anyone seen this type of behavior before and have a suggestion/solution? I can't tell our users that after installing the program they need to toggle a permission setting to get it to work. We are trying to minimize the amount of custom action code we write and use the built in functions of IS as much as possible - but if it comes to that, then so be it.
Labels (1)
Labels
0 Kudos
(1) Reply
ScottVA
Level 3
‎Feb 05, 2009 05:03 PM

I ended up deleting some components associated with the virtual directories and recreated them. That fixed the problem. Not sure how it got out of whack. Interesting behavior though...and one I won't soon forget.
0 Kudos