Cannot read configuration file due to insufficient permissions

1
votes

So I have looked at similar questions to this such as here.

I cannot for the life of me figure out what is wrong. I am trying to setup an asp.net website. The website is stored on the D: Drive of the server. In IIS8 (windows server 2012) I point to the web folder where the web.config file is located. I have given the IIS_IUSRS group read access to the whole D: Drive as well as IUSR and Network Service which are part of the IIS_IUSRS group. I keep getting the error. I set up authentication as basic authentication. I have restarted the website. I have tried many things but have reached an impass. This is all on localhost. Does anyone have any more ideas as to why this may be happening? Could it possibly a configuration in my web config? This website is being ported from an IIS7 website. If you need specifics from my webconfig I can give you that however a lot of it contains sensitive information.

Error:

HTTP Error 500.19 - Internal Server Error

The requested page cannot be accessed because the related configuration data for the page is invalid.

Detailed Error Information:

Module IIS Web Core

Notification BeginRequest

Handler Not yet determined

Error Code 0x80070005

Config Error Cannot read configuration file due to insufficient permissions

Config File \?\D:\Applications\Portal\Portal.Web\web.config

Requested URL localhost:80/Portal

Physical Path D:\Applications\Portal\Portal.Web

Logon Method Not yet determined

Logon User Not yet determined

Request Tracing Directory C:\inetpub\logs\FailedReqLogFiles

Config Source: -1: 0:

3
asp.netiis-8windows-server-2012

3 Answers

2
votes

[1]. Get it working for anonymous users first. Then tighten-down the permissions.

If it doesn't work for anonymous users, look up the name of the application pool (in IIS). In the IIS Pools, look up the identity that the app pool is running under. Grant that account read permissions.

[2]. Have a look in the server logs (Control Panel, Administrative Tools, Event Viewer, System) to see more information about the error.

Also, keep in mind that anyone who is authenticating to the site as a non-anonymous user, needs (read) permissions to the web content. You can test/eliminate that as a possible issue by temporarily granting read permissions for the "Everyone" group to web.config (at the file-system level). Don't leave it that way. Just use this approach for testing the permissions.

1
votes

You can check to see what user the website is running as by opening IIS Manager and checking the application pool. Click on the application pool that the site is using and then in the Actions pane select Advanced Settings. Check under identity. If it is set to ApplicationPoolIdentity, you will need to add that to the web root folder. You add this by manually typing in "IIS APPPOOL*apppoolname*" where apppoolname is literally the name of the application pool that you selected originally. Click CheckNames once you have entered the name and it should resolve to the name of the application pool without the preceding iis apppool.

0
votes

There seem to be as many non-working answers to this issue as their are forums to post them on. IIS is just that difficult at times. So, if the above actions didn't work for you, following is a list commands that the government agency I work for tries to get their Server 2012 machines working. They said that some of them might fail, but just ignore those and go on.

In short, these commands unlock portions of the tiered configuration system, so that you can adjust them via your application's web.config file. Included are areas pertaining to compression, static content, Hope this helps!

IMPORTANT: Run the following commands individually in a command (DOS) window with administrator privileges (i.e. Right-click on Command Prompt and choose Run as Administrator).

%windir%\system32\inetsrv\appcmd unlock config -section:httpCompression

%windir%\system32\inetsrv\appcmd unlock config -section:staticContent

%windir%\system32\inetsrv\appcmd set config /section:urlCompression /doDynamicCompression:True

%windir%\system32\inetsrv\appcmd set config /section:urlCompression /doStaticCompression:True

%windir%\system32\inetsrv\appcmd set config /section:httpCompression /+staticTypes.[mimeType='text/*',enabled='true'] /commit:apphost

%windir%\system32\inetsrv\appcmd set config /section:httpCompression /+staticTypes.[mimeType='message/*',enabled='true'] /commit:apphost

%windir%\system32\inetsrv\appcmd set config /section:httpCompression /+staticTypes.[mimeType='image/*',enabled='true'] /commit:apphost

%windir%\system32\inetsrv\appcmd set config /section:httpCompression /+staticTypes.[mimeType='application/x-javascript',enabled='true'] /commit:apphost

%windir%\system32\inetsrv\appcmd set config /section:httpCompression /+staticTypes.[mimeType='application/javascript',enabled='true'] /commit:apphost

%systemroot%\system32\inetsrv\AppCmd unlock config /section:windowsAuthentication

%systemroot%\system32\inetsrv\AppCmd unlock config /section:anonymousAuthentication