Hi
We are moving from Dot Net v1.1 to v2, and have just installed our first ASP2
website on our pre-prod web server. The website runs fine on our dev boxes (Win
XP sp2, Dot Net Framework 1, 1.1 & 2, Visual Studio 2003 & Visual Studio
2005, IIS v5.1), however, when we get to our pre-prod web server (Windows 2000
SP4, IISv5.0, DotNet Framework 1, 1.1 & 2) we get the following problem:
Failed to access IIS metabase.
Description: An unhandled exception occurred during the execution of the current
web request. Please review the stack trace for more information about the error
and where it originated in the code.
Exception Details: System.Web.Hosting.HostingEnvironmentException: Failed to
access IIS metabase.
The process account used to run ASP.NET must have read access to the IIS
metabase (e.g. IIS://servername/W3SVC). For information on modifying metabase
permissions, please see http://support.microsoft.com/?kbid=267904.
Source Error:
An unhandled exception was generated during the execution of the current web
request. Information regarding the origin and location of the exception can be
identified using the exception stack trace below.
Stack Trace:
[HostingEnvironmentException: Failed to access IIS metabase.]
System.Web.Configuration.MetabaseServerConfig.MapPathCaching(String siteID,
VirtualPath path) +3492170
System.Web.Configuration.MetabaseServerConfig.System.Web.Configuration.IConfigMa
pPath.MapPath(String siteID, VirtualPath vpath) +9
System.Web.Hosting.HostingEnvironment.MapPathActual(VirtualPath virtualPath,
Boolean permitNull) +163
System.Web.CachedPathData.GetConfigPathData(String configPath) +382
System.Web.CachedPathData.GetConfigPathData(String configPath) +243
System.Web.CachedPathData.GetApplicationPathData() +68
System.Web.CachedPathData.GetVirtualPathData(VirtualPath virtualPath, Boolean
permitPathsOutsideApp) +3385679
System.Web.Configuration.RuntimeConfig.GetLKGRuntimeConfig(VirtualPath path)
+189
I found three possible solutions:
1. As the KB article it links to suggests, I registered the ASPNET account
using "ASPNET_RegIIS -ga ASPNET". This did nothing.
2. I repaired the Dot Net Framework v2 install. This seems to work for some
people if IIS is installed after the framework, but did not work for us as IIS
was installed before the framework, based on other peoples comments.
3. I added the ASPNET account as a Website Operator (open IIS MMC, right click
on the web site and select properties, click on the Operators Tab, add the
ASPNET account, close the properties window, restart IIS). This fixed the
problem.
My question - is adding the ASPNET account as a website operator a possible
security problem? Is it possible that this change could leave our webserver
vulnerable such that anonymous web users could, for example, remove the entire
website from the IIS metabase, or change website security properties in the IIS
metabase allowing remote code execution (ie. modify Home directory permissions
to allow Write, and then modify Execute Permissions to allow Scripts and
Executables).
Yes, I am definately not a security expert and am probably barking up the wrong
tree here, but this looked a little funny to me so I thought that I would ask
the stupid question.
Thanks in Advance
Ben
|
Hi tomkmvp
Thanks for your response. In my original post I omitted to let you know that
the account has Full control of the windows directory referenced by the Virtual
Directory.
Even with Full control, which I know is another issue, it still fails with the
above error.
Cheers
Ben
|
Hi tomkmvp
Thanks for the reply. Sorry its taken so long to get back to you. I believe
that the root directory had full control for everyone, just like the sub
directory, but I can't check as our server has just died a permanent death. I
hope to get it rebuilt over the next couple of days and will double check then.
Thanks again
Ben
|