This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Revenera Community
- :
- InstallShield
- :
- InstallShield Forum
- :
- Weird ACL/Permission Behavior with IIS Virtual Directories
Subscribe
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Feb 05, 2009
03:48 PM
Weird ACL/Permission Behavior with IIS Virtual Directories
I'm part of a team creating installers (Basic MSI) for some custom applications that our organization has developed. We have a collection of services that get installed into virtual directories in IIS. One of our security measures is to implement access priviliges through permission assignment to the physical path that the virtual directories reference.
Everything appears to be working but there is some weird behavior we are seeing when we attempt to access those virtual directories for the first time after an installation.
We have files within each virtual directory that can be browsed as a quick check to make sure the service is running. When we browse the file (by right-clicking the file in the virtual directory listing in Microsoft IIS 6.0 and selecting browse), we normally see the expected display except on the first run. If it's the first time, we get a "Configuration Error":
"An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately...An error occurred loading a configuration file: Failed to start monitoring changes to '' because access is denied."
Regardless of the virtual directory I use to attempt access the first time, I get this error. All I have to do to correct it is modify a single permission setting and then all virtual directory files behave as expected. I can modify the permission using Windows Explorer or by using the IIS GUI. I can change the permission (clicking OK to close the dialog) and then immediately change it back and it fixes it. What doesn't fix it is restarting IIS or rebooting.
Our installer sets up the ACLs for these virtual directories and appears to apply them just fine. But something is happening here that we are unable, and under a time crunch, to figure out. Has anyone seen this type of behavior before and have a suggestion/solution? I can't tell our users that after installing the program they need to toggle a permission setting to get it to work. We are trying to minimize the amount of custom action code we write and use the built in functions of IS as much as possible - but if it comes to that, then so be it.
Everything appears to be working but there is some weird behavior we are seeing when we attempt to access those virtual directories for the first time after an installation.
We have files within each virtual directory that can be browsed as a quick check to make sure the service is running. When we browse the file (by right-clicking the file in the virtual directory listing in Microsoft IIS 6.0 and selecting browse), we normally see the expected display except on the first run. If it's the first time, we get a "Configuration Error":
"An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately...An error occurred loading a configuration file: Failed to start monitoring changes to '
Regardless of the virtual directory I use to attempt access the first time, I get this error. All I have to do to correct it is modify a single permission setting and then all virtual directory files behave as expected. I can modify the permission using Windows Explorer or by using the IIS GUI. I can change the permission (clicking OK to close the dialog) and then immediately change it back and it fixes it. What doesn't fix it is restarting IIS or rebooting.
Our installer sets up the ACLs for these virtual directories and appears to apply them just fine. But something is happening here that we are unable, and under a time crunch, to figure out. Has anyone seen this type of behavior before and have a suggestion/solution? I can't tell our users that after installing the program they need to toggle a permission setting to get it to work. We are trying to minimize the amount of custom action code we write and use the built in functions of IS as much as possible - but if it comes to that, then so be it.
(1) Reply
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Feb 05, 2009
05:03 PM
I ended up deleting some components associated with the virtual directories and recreated them. That fixed the problem. Not sure how it got out of whack. Interesting behavior though...and one I won't soon forget.