Xcopy Deployment - Access Denied Error

[Boxman]

Hi

I have been asked to migrate a long-standing and stable asp.net application
from a W2k server on one NT domain on our intranet to another W2k server on
another NT domain also on our intranet. The application was written in
C#.NET using Visual Studio 2002 and v1.0 of the .NET Framework.

As we don't use Frontpage extensions on the servers (both run IIS5) I have
used Xcopy to copy the files from the original server across the WAN to the
new server. I have configured a virtual directory in IIS for the
application. The anonymous account is disabled and the application uses NTLM
(Windows) authentication throughout (including to access the SQL Server 2000
database).

When I try and access the application on the new server I get "Access is
Denied" - so I guess a permissions issue

The web.config file is set for impersonation=true and nothing else is
different in the application except for the database connection strings
which are pointed at the new server (the web app and SQL Server are on the
physical box).

Any thoughts or is this a bug in the impersonation function?

thanks

Bob

 

[Ken Cox [Microsoft MVP]]

I'm wondering if the old box' s machine.config was using

<processModel userName="machine" password="AutoGenerate" />

whereas the new one still has

<processModel userName="SYSTEM" password="AutoGenerate" />

http://support.microsoft.com/default.aspx?kbid=317012&product=aspnet

 

[Boxman]

I'm using Windows NTLM Authentication so I don't think it's the password is
the issue.

The actual error is:

[ApplicationException: Access is denied.
]
System.Security.Principal.WindowsIdentity._ResolveIdentity(IntPtr
userToken) +0
System.Security.Principal.WindowsIdentity.get_Name() +71
System.Web.Configuration.AuthorizationConfigRule.IsUserAllowed(IPrincipal
user, String verb) +100
System.Web.Configuration.AuthorizationConfig.IsUserAllowed(IPrincipal
user, String verb) +81
System.Web.Security.UrlAuthorizationModule.OnEnter(Object source,
EventArgs eventArgs) +156
System.Web.SyncEventExecutionStep.Execute() +60
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +87

Any thoughts?

Bob

 

[Boxman]

Ken

Thanks for your thoughts.

I've been working on this all day now and have discovered that the migrated
applications work fine on the new (deployment) server IF I use the following
in web.config:

<identity impersonate="true" userName="mylogondomain\myusername"
password="mypassword" />

Of course I need all users to be able to access the application (and SQL
backend) using their own NT account credentials - per the original server.

I would like to narrow down the work that I need to do to isolate this
problem but as far as I can see the only difference between the original
application architecture and the new deployment is:

- The new server is on a different (trusted) NT domain
- The original deployment was at c:\inetpub\wwwroot\myapplication
- The new deployment is at F:\Sites\myapplication

This is very frustrating but I keep telling myself it is good experience!

I guess the issue is with the ASPNET local account permissions either
somewhere within the .NET Framework (v1.0 SP2) or the application folder but
I have checked again and all permissions for .NET seem to be correct
(default) and the application folder also has sufficient permissions for the
ASPNET account.

Just to remind you my original web.config entry is <identity
impersonate="true" /> and nothing else.

Any help much appreciated!

thanks

Bob