Reputation: 32576
I have an ASP.Net MVC3 application that has been running fine in the default Application Pool on my IIS 6 server.
I need to get it running under its own service account, so I created a new Application Pool and moved the application into it. With default settings the application continued to work fine.
I set a custom Identity on the application pool, and the application now just gives me the "Directory Listing Denied" error.
I tried switching the identity back to Network Service, and the application started working again.
What could be preventing the application from running with the custom Identity? It's like ASP.Net is not even starting up.
I've run aspnet_regiis -ga <domain\username> and added the account to the IIS_WPG group, so the identity account should have access to ASP.Net.
More Info
I've been doing some diagnostics with Process Monitor and it shows that aspnet_isapi.dll is not being loaded with the custom identity.
When the identity is "Network Service" I can see aspnet_isapi.dll being loaded followed by webengine4.dll. This happens immediately after the NTLM authentication occurs.
With the custom identity, the NTLM authentication happens and then the w3wp process just starts looking for the default files (Default.aspx, Default.htm, etc).
I've checked, and the account has access to the framework version folder where these DLLs are stored.
Upvotes: 3
Views: 1183
Reputation: 32576
Turns out I needed a wildcard mapping to aspnet_isapi.dll, though I'm not sure why.
Without the custom identity the application works fine without a wildcard mapping. With the custom identity I need the mapping. On another server the custom identity works fine without a mapping. Weird.
Upvotes: 1
Reputation: 13419
Have you explicitly granted permissions to the application pool identity on the application folder?
The account should be something like IIS AppPool\MyAppPoolName
More info on this can be found here: http://www.iis.net/learn/manage/configuring-security/application-pool-identities
Upvotes: 0
Reputation: 355
Now that you are using a different user than the default one, make sure that you have set the Anonymous Authentication to use the app pool user. There could also be something related to what @Gabe Thorns mentioned; it might be an issue with wildcard mappings. If you do not have wildcard mappings set to run the asp process then it will try and look for files, avoiding asp processors.
Hope that helps.
Upvotes: 0
Reputation: 11338
Did you already check Directory browse settings?
http://www.iis.net/configreference/system.webserver/directorybrowse
Upvotes: 0
Reputation: 12174
You need to give the user that you are specifying in the custom identity explicit read or read/write at the folder level of your application. Right click on the containing folder, then "Properties", and add the user with the permissions required by the app to the security tab.
Upvotes: 1