ASP.Net Security Problems.

[CES]

All,

I'm having a problem running a Web Application (using vb.net), I receive a
Parser Error Message: Could not load type 'WebApplication1.Global', when
ever I attempt to start the Web Application.

I've been able to narrow it down to a security problem because when I moved
the Web Application to Fat32 drive, the problem went away ( the WebApp also
works on my production site that is maintained on my ISP) . so it is a
security problem!!!

I've added permissions for both the "aspnet_wp account" and "Internet Guest
Account" (granting full access to both accounts) to the following
directories:

D:\Inetpub\wwwroot
D:\Inetpub\wwwroot\WebApplication1
D:\WINDOWS\Microsoft.NET\Framework\v1.0.3705
D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322

But I'm still getting the error. Can anyone think of another place where
permissions need to be changed / added???

CES

 

[Dmitry Kulshitsky]

Make sure ASPNET account has Read Execute Permissions on
all folders under %systemroot%\System32 except INETSRV and
CERTSRV

Also, assign read permissions to the "assembly" folder
Cacls c:\winnt\assembly /e /t /p [machinename]:aspnet:R
assuming that your installation resides in c:\winnt

For further info please refer to
http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/dnnetsec/html/SecNetHT01.asp

Hope this helps.

Dmitry

-----Original Message-----
All,

I'm having a problem running a Web Application (using vb.net), I receive a
Parser Error Message: Could not load

type 'WebApplication1.Global', when

 

[Roger Abell]

I am not sure with v1.1 because systems I use were tweaked
at v1.0, so this may or may not be needed. However, v1.0
required that the Aspnet_wp account had at least List on all
folders in the parental chain from the web app location up
to and including the root of the partition.

 

[CES]

Roger,
By List if you mean "List Folder Contents" the answer is I've already dun
that, by granting full permissions to all of the folders listed in the first
message for the "aspnet_wp account" and "Internet Guest Account". All
folders under these folder's inherit the permissions of it's parent. But
I've also check the security settings on :

Temporary ASP.NET Files
CONFIG
MUI
ASP.NETClientFiles
1033

and all have full privliges for the aspnet_wp account, thats what makes this
so strange??? Also if permisions were incurect on any of the
Microsoft.NET\Framework folder the Web Application wouldn't work when I move
it to a Fat32 drive but it does. It onl;y stopes working on a NTFS drive.

CES

 

[CES]

Dmitry,

I'm not sure I understand your suggestion because the error only accurse if
the webroot is on
an NTFS drive, if I move the site to my FAT32 drive the Web Application
works???

That would lead me to believe that the OS folders that you mentioned have
the correct permissions??
CES

Make sure ASPNET account has Read Execute Permissions on
all folders under %systemroot%\System32 except INETSRV and
CERTSRV

Also, assign read permissions to the "assembly" folder
Cacls c:\winnt\assembly /e /t /p [machinename]:aspnet:R
assuming that your installation resides in c:\winnt

For further info please refer to
http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/dnnetsec/html/SecNetHT01.asp

Hope this helps.

Dmitry

-----Original Message-----
All,

I'm having a problem running a Web Application (using vb.net), I receive a
Parser Error Message: Could not load

type 'WebApplication1.Global', when

ever I attempt to start the Web Application.

I've been able to narrow it down to a security problem because when I moved
the Web Application to Fat32 drive, the problem went away ( the WebApp also
works on my production site that is maintained on my ISP) . so it is a
security problem!!!

I've added permissions for both the "aspnet_wp account" and "Internet Guest
Account" (granting full access to both accounts) to the following
directories:

D:\Inetpub\wwwroot
D:\Inetpub\wwwroot\WebApplication1
D:\WINDOWS\Microsoft.NET\Framework\v1.0.3705
D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322

But I'm still getting the error. Can anyone think of another place where
permissions need to be changed / added???

CES


.

 

[Roger Abell]

Yes, that is the list permission.
Your post did not mention any grants in the
parential chain of D:\Inetpub\wwwroot
up to and including D:\

 

[CES]

Roger,

I lied to you i'm not using a local path for my wwwroot, I'm using a network
share which is the problem. below is a new post to the IIS and aspnet news
folders, aperently the ASPNEt account can't conect over network shares even
if that share is to that same computer:

Thank CES

All,

If anyone has been following my trials over the last week see(Setting up a
Web Application on IIS 5.1 and ASP.Net Security Problems).

I'm having a problem running a Asp.Net Web Application. I've finally
narrowed the problem down to a security issue: The ASPNET (aspnet_wp)
account cannot connect to a Network resource instead of using a local path
ie: C:\Inetpub\wwwroot my development site resides on a Network Share
(\\{MyServerName}\wwwroot).

Every thing works fine is I connect to the site using a local path but I get
a Parser Error Message: Could not load type 'WebApplication1.Global'.
Source Error:
Line 1: <%@ Application Codebehind="Global.asax.vb"
Inherits="WebApplication1.Global" %>

If I try to load the page from a shared resource (\\Server\xxx)

I've tried adding this line to the web.config file imeditly under the
<authentication mode="Windows" /> tag - in the applications root directory
but I'm still unable to connect:
<identity impersonate="true" userName="{MyServerName}\{UserName}}"
password="{Password} " />
Policy editor

I have even tried creating a virtual directory to the folder even though the
Web Application is below the wwwroot.

FYI I've tried every possible combination of the
{MyServerName}\{UserName}"ie server\administrator / SERVER\administrator /
Server\Administrator etc.

Everything I've seen posted seams to suggest this should have worked. I'll
be very grateful for any help.

CES