Cannot read configuration file due to insufficient permissions
I've recently encountered an error trying to host my asp.net site with IIS. I have found a solution that many swear by.
Solution:
- Add IIS_IUSRS with Read permission on files in the folder
- Change IIS authentication method to BasicAuthentication
- refresh the website. It will work
(http://vivekthangaswamy.blogspot.com/2009/07/aspnet-website-cannot-read.html)
What do I add to my web.config file though? I've never had to edit it before. Here is its current contents:
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<connectionStrings>
<add name="DefaultConnection" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0"/>
</system.web>
</configuration>
My error is:
Config Error: Cannot read configuration file due to insufficient permissions
Config File: \?\C:\Users*****\Documents\Visual Studio2010\WebSites\PointsForTime\web.config
There is no problem with your web.config. Your web site runs under a process. In iis you can define the identity of that process. The identity that your web site's application pool runs as (Network Services, Local System, etc.), should have permission to access and read web.config file.
Update:
This updated answer is same as above, but a little longer and simpler and improved.
First of all: you don't have to change anything in your config file. It's OK. The problem is with windows file permissions.
This problems occurs because your application can not access and read web.config file.
Make the file accessible to IIS_IUSRS group. Just right click web.config and click properties, under security tab, add IIS_IUSRS.
So what is this IIS_IUSRS thing?
Your web site is like an exe file. Just like any exe file, it should be started by a user and it runs according to permissions assigned to that user.
When your site is started in IIS, Application Pool of your web site is associated with a user (Network Services, Local System, Etc. ...) (and can be changed in IIS)
So when you say IIS_IUSRS, it means any user (Network Services, Local System, Etc. ...) that your site is running as.
And as @Seph mentioned in comment below: If your computer is on a domain, remember that IIS_IUSRS group is a local group. Also make sure that when you're trying to find this user check the location it should be set to local computer and not a corporate domain.
I had what appeared to be the same permissions issue on the web.config
file.
However, my problem was caused by IIS failing to load the config file because it contained URL rewrite rules and I hadn't installed the IIS URL rewrite module on the new server.
Solution: Install the rewrite module.
Hope that saves somebody a few hours.
Editor's note: Doing what this answer suggests: "changing Identity to LocalSystem" is DANGEROUS! The LocalSystem account is a ...
Completely trusted account, more so than the administrator account. There is nothing on a single box that this account cannot do, and it has the right to access the network as the machine (this requires Active Directory and granting the machine account permissions to something)
Changing the Identity from ApplicationPoolIdentity to LocalSystem did the work ;).
I am using win7 64 with IIS 7.5
more about Application Pool Identity in IIS 7.5 and win 7
I had the same problem when I tried to share the site root folder with another user. Some folder lost the permission. So I followed the steps to add permission to IIS_IUSRS group as suggested by Afshin Gh. The problem is this group was not available for me. I am using windows 7.
What I did I just changed some steps:
- Right click on the parent folder (who lost the permission),
- Properties => Security =>In "Group or user names:",
- Click Edit...
- Window "Permission for your folder" will be opened.
- In "Group or user names:" press ADD... btn,
- Type Authen and press Check Names,
- You will see the complete group name "Authenticated Users"
- Press ok => apply.
- This should enable privileges again.
That worked for me.