Cannot read configuration file due to insufficient permissions

asp.net file-permissions iis-7

I've recently encountered an error trying to host my asp.net site with IIS. I have found a solution that many swear by.

Solution:

  1. Add IIS_IUSRS with Read permission on files in the folder
  2. Change IIS authentication method to BasicAuthentication
  3. refresh the website. It will work

(http://vivekthangaswamy.blogspot.com/2009/07/aspnet-website-cannot-read.html)

What do I add to my web.config file though? I've never had to edit it before. Here is its current contents:

<?xml version="1.0"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->
<configuration>
    <connectionStrings>
  <add name="DefaultConnection" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True"
   providerName="System.Data.SqlClient" />
 </connectionStrings>
 <system.web>
  <compilation debug="true" strict="false" explicit="true" targetFramework="4.0"/>
    </system.web>
</configuration>

My error is:

Config Error: Cannot read configuration file due to insufficient permissions
Config File: \?\C:\Users*****\Documents\Visual Studio2010\WebSites\PointsForTime\web.config


There is no problem with your web.config. Your web site runs under a process. In iis you can define the identity of that process. The identity that your web site's application pool runs as (Network Services, Local System, etc.), should have permission to access and read web.config file.

Update:

This updated answer is same as above, but a little longer and simpler and improved.

First of all: you don't have to change anything in your config file. It's OK. The problem is with windows file permissions.

This problems occurs because your application can not access and read web.config file.

Make the file accessible to IIS_IUSRS group. Just right click web.config and click properties, under security tab, add IIS_IUSRS.

So what is this IIS_IUSRS thing?

Your web site is like an exe file. Just like any exe file, it should be started by a user and it runs according to permissions assigned to that user.

When your site is started in IIS, Application Pool of your web site is associated with a user (Network Services, Local System, Etc. ...) (and can be changed in IIS)

So when you say IIS_IUSRS, it means any user (Network Services, Local System, Etc. ...) that your site is running as.

And as @Seph mentioned in comment below: If your computer is on a domain, remember that IIS_IUSRS group is a local group. Also make sure that when you're trying to find this user check the location it should be set to local computer and not a corporate domain.


I had what appeared to be the same permissions issue on the web.config file.
However, my problem was caused by IIS failing to load the config file because it contained URL rewrite rules and I hadn't installed the IIS URL rewrite module on the new server.

Solution: Install the rewrite module.
Hope that saves somebody a few hours.


Editor's note: Doing what this answer suggests: "changing Identity to LocalSystem" is DANGEROUS! The LocalSystem account is a ...

Completely trusted account, more so than the administrator account. There is nothing on a single box that this account cannot do, and it has the right to access the network as the machine (this requires Active Directory and granting the machine account permissions to something)

Changing the Identity from ApplicationPoolIdentity to LocalSystem did the work ;).

I am using win7 64 with IIS 7.5

more about Application Pool Identity in IIS 7.5 and win 7

enter image description here


I had the same problem when I tried to share the site root folder with another user. Some folder lost the permission. So I followed the steps to add permission to IIS_IUSRS group as suggested by Afshin Gh. The problem is this group was not available for me. I am using windows 7.

What I did I just changed some steps:

  1. Right click on the parent folder (who lost the permission),
  2. Properties => Security =>In "Group or user names:",
  3. Click Edit...
  4. Window "Permission for your folder" will be opened.
  5. In "Group or user names:" press ADD... btn,
  6. Type Authen and press Check Names,
  7. You will see the complete group name "Authenticated Users"
  8. Press ok => apply.
  9. This should enable privileges again.

That worked for me.

Related

PHPUnit assert that an exception was thrown?
How to run Gulp tasks sequentially one after the other
How do I convert a Swift Array to a String?
Git, fatal: The remote end hung up unexpectedly
Push multiple elements to array
Missing optional dependency 'tables'. In pandas to_hdf
Nodejs compilation flow
How to set background image of body after image is loaded?
Unable to copy file - access to the path is denied
Testing multiple configurations of parameterizable modules in a Verilog testbench
What is the correct syntax in a Docker file to mention home directory?
Cordova Phonegap - Android geolocation shows error: Application does not have sufficient geolocation permissions error