tags:

views:

484

answers:

1
Q: 

403 Forbidden with Built-In VS 2008 Web Server

I have an ASP.Net webapp where I wanted to test using a different local account. So I created the account, but then started getting 403 Forbidden when logging in with that account. This is using the VS 2008 built-in web server (Cassini). A coworker suggested giving that user account permissions on the project files which I did. I also gave the ASPNET user the same permissions, and to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files, killed and restarted WebDev.WebServer.EXE, and cleared cache, but to no avail. I've included the related event from the event log below.

Any ideas what to try next, or where to look or how to get a more specific cause of the underlying problem?

Thanks, Clark

Event code: 3005 
Event message: An unhandled exception has occurred. 
Event time: 6/5/2009 2:20:53 PM 
Event time (UTC): 6/5/2009 6:20:53 PM 
Event ID: fc869492b17f4bddb582026ac1752cd6 
Event sequence: 8 
Event occurrence: 1 
Event detail code: 0 

Application information: 
    Application domain: a55c3efc-3-128886994866758750 
    Trust level: Full 
    Application Virtual Path: / 
    Application Path: C:\Documents and Settings\Fred\My Documents\Visual Studio 2008\Projects\ETimeLite\ETimeLiteUserControl\ 
    Machine name: MOSSDEV 

Process information: 
    Process ID: 5260 
    Process name: WebDev.WebServer.exe 
    Account name: MOSSDEV\Fred 

Exception information: 
    Exception type: TargetInvocationException 
    Exception message: Exception has been thrown by the target of an invocation. 

Request information: 
    Request URL: http://localhost:35752/Test_EtimeLiteAsUserControl.aspx?nocache=1 
    Request path: /Test_EtimeLiteAsUserControl.aspx 
    User host address: 127.0.0.1 
    User: MOSSDEV\Fred 
    Is authenticated: True 
    Authentication Type: NTLM 
    Thread account name: MOSSDEV\Fred 

Thread information: 
    Thread ID: 4 
    Thread account name: MOSSDEV\Fred 
    Is impersonating: False 
    Stack trace:    at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
   at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at System.Web.UI.WebControls.ObjectDataSourceView.InvokeMethod(ObjectDataSourceMethod method, Boolean disposeInstance, Object& instance)
   at System.Web.UI.WebControls.ObjectDataSourceView.ExecuteSelect(DataSourceSelectArguments arguments)
   at System.Web.UI.DataSourceView.Select(DataSourceSelectArguments arguments, DataSourceViewSelectCallback callback)
   at System.Web.UI.WebControls.DataBoundControl.PerformSelect()
   at System.Web.UI.WebControls.BaseDataBoundControl.DataBind()
   at System.Web.UI.WebControls.GridView.DataBind()
   at System.Web.UI.WebControls.BaseDataBoundControl.EnsureDataBound()
   at System.Web.UI.WebControls.CompositeDataBoundControl.CreateChildControls()
   at System.Web.UI.Control.EnsureChildControls()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Control.PreRenderRecursiveInternal()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)


Custom event details: 

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
+1  A: 

The user that Cassini is accessing the file as needs to have rights on the file being accessed.

While you'll find lots of specific answers via google easily enough, I'll offer a 'teach to fish' answer which yuo'll either love or hate:-

Using procmon from sysinternals, you'll be able to see the permission being refused internally, which will allow you to assign sufficient permissions on the resource being accessed to the user under whose identity it is being accessed.

Ruben Bartelink  2009-06-05 21:31:42
Okay, ran procmon. I don't see any project related files listed. The only "interesting" thing I see (aside from some framework dll's) is stuff related to WebDev, but they seem like virtual paths into the GAC, not directories I can actually change the permissions of. Was there something specific you were thinking I would see?
 2009-06-05 21:55:00
You can ignore all the stuff in the shadow folders (you mentioned in your question about people suggesting doing things in there). While stuff gets copied in there etc., all the actual permissions verification will go against the actual files you're touching. Your exception dump indicates that Cassini is running as 'Fred' and the file is in Fred's profile, which would on the surface seem fine.. Procmon should be showing a non-successful file access to a file in the profile if the 403 is related to file permissions... This is a reasonably common issue so if procmon doesnt help,googling should
Ruben Bartelink  2009-06-06 12:42:06
Sorry for the delay, back from training. After struggling with this for the better part of the morning, I punted and now run it out of IIS and it works okay. I read some things that made me believe perhaps in WebDev.WebServer.exe, Page.User.Identity is only ever the user that the process is run from (not positive though). Anyway, thanks for the suggestions.
 2009-06-12 16:17:17

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps