Novkovski Stevo Bato

Reputation: 1043

DirectoryEntry IIS access permission

I have a console application which lists website bindings in IIS:

using (var directoryEntry = new DirectoryEntry("IIS://localhost/w3svc/" + GetWebSiteId())) {
    var bindings = directoryEntry.Properties["ServerBindings"]; 
}

I call this console application from ASP.NET via a process:

var process = new Process {
    StartInfo = new ProcessStartInfo {
        FileName = "c:/app.exe",
        Arguments = "check",
        UseShellExecute = false,
        RedirectStandardOutput = true,
        CreateNoWindow = true
    }
};

Everything works fine on my development machine under Windows 7 / IIS 7.5, but when I test on Windows 2012 / IIS 8 I'm getting an "Access is denied" error.

Error log

"System.Runtime.InteropServices.COMException (0x80070005): Access is denied.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_IsContainer()
at System.DirectoryServices.DirectoryEntries.ChildEnumerator..ctor(DirectoryEntry container)
at System.DirectoryServices.DirectoryEntries.GetEnumerator()
at IISSubdomainManagement.Program.GetWebSiteId()
at IISSubdomainManagement.Program.TotalBindings()
at IISSubdomainManagement.Program.Main(String[] args)"

P.S. Application pool identity is "ApplicationPoolIdentity".

I forgot to mention, my console app works fine on my server when I run it from CMD.

Upvotes: 6

Views: 9962

Answers (4)

Hernaldo Gonzalez

Reputation: 2047

In IIS 7/8, go to Control Panel / Programs and Features / Turn Windows features on or off, and check all items under Web Management Tools (it includes IIS Management Service and IIS 6 Management Compatibility).

Upvotes: 2

Alexandre Rafalovitch

Reputation: 9789

You have probably granted the permission to 'ApplicationPoolIdentity' rather than to the virtual account that actually corresponds to that Application Pool. Read through Microsoft's description or search online for virtual identity IIS, etc.

On your development machine, you probably have some sort of Full Admin rights, so it is not as restricted.

If you still have problems after that, I would recommend replicating the error with Process Monitor running, so you can see exactly what process is accessing which resource with which identity. However, I would recommend replicating the issue on your development machine rather than running Process Monitor in production. It takes a little bit of learning to be able to run it efficiently.

Upvotes: 1
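
The identity mismatch described in the answer above can be confirmed from inside the console application itself. The following is an added example, not code from the question or from any answer; the class name `MetabaseAccessProbe`, the default site id `1` and the exit codes are assumptions made for illustration.

```csharp
// Added example: reports which account the console app runs as and whether that
// account can bind to the IIS ADSI provider used in the question.
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class MetabaseAccessProbe // hypothetical name
{
    // HRESULT from the question's error log.
    const int E_ACCESSDENIED = unchecked((int)0x80070005);

    static int Main(string[] args)
    {
        // Assumed placeholder: pass the real site id as the first argument.
        string siteId = args.Length > 0 ? args[0] : "1";

        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            var principal = new WindowsPrincipal(identity);
            Console.WriteLine("Running as : " + identity.Name);
            Console.WriteLine("User SID   : " + identity.User);
            // False for a non-elevated token, even if the user is in Administrators.
            Console.WriteLine("Admin role : " +
                principal.IsInRole(WindowsBuiltInRole.Administrator));

            try
            {
                using (var entry = new DirectoryEntry("IIS://localhost/w3svc/" + siteId))
                {
                    // Reading a property forces the ADSI bind that fails in the question.
                    foreach (object binding in entry.Properties["ServerBindings"])
                        Console.WriteLine("Binding    : " + binding);
                }
                return 0;
            }
            catch (COMException ex) when (ex.ErrorCode == E_ACCESSDENIED)
            {
                // Name the account so permissions are reviewed for the right principal.
                Console.Error.WriteLine(
                    "Access denied (0x80070005) while bound as " + identity.Name);
                return 5;
            }
        }
    }
}
```

Run it once from CMD and once through the ASP.NET `Process` call and compare the "Running as" lines: under ApplicationPoolIdentity the child process reports the pool's virtual account, `IIS APPPOOL\<pool name>`, which is the principal whose permissions need reviewing.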

odyss-jii

Reputation: 2699

You need to give permission to the IUSR account to access and execute C:\app.exe. This link should provide you with the necessary information to find the right account.

Upvotes: 2
