如何在IIS上为ASP.NET设置正确的文件权限
[英]How to set correct file permissions for ASP.NET on IIS
问题描述
HTTP Error 500.19 - Internal Server Error The requested page cannot be accessed because the related configuration data for the page is invalid.
HTTP错误500.19-内部服务器错误无法访问请求的页面,因为该页面的相关配置数据无效。
Error Code : 0x80070005
Config Error : Cannot read configuration file due to insufficient permissions
When add new web application in IIS 7.5 and run it, this page shown to me, how to solve this problem win7 ultimate visual studio 2010 在IIS 7.5中添加新的Web应用程序并运行它时,此页面向我展示了如何解决Win7 Ultimate Visual Studio 2010的问题
2 个解决方案
解决方案1
25 2013-05-21 19:31:26
The message is clear. 消息很清楚。
Cannot read configuration file due to insufficient permissions
How to solve it. 如何解决。
Every asp.net application is run under one pool assigned to it , and each pool is run under a specific account . 每个asp.net应用程序都在为其分配的一个池中运行,并且每个池都在一个特定帐户下运行。
Open the IIS, locate the pool under which your app is try to run, see the user that is assigned to that pool, and give read permissions to that user on your full site directory tree. 打开IIS,找到尝试在其下运行应用程序的池,查看分配给该池的用户,并在整个站点目录树上向该用户授予读取权限。
Especial for the web.config 特别适用于web.config
The web.config , its the configuration file that message says, must have (and) write permissions . 消息说的web.config及其configuration file必须具有(和) 写入权限 。
So you locate web.config on the root of your site, right click on it, go to permissions and give on the pool-user, the write capability. 因此,您可以在站点的根目录上找到web.config,右键单击它,转到权限上,然后向池用户提供写入功能。 The pool user, is the user under the witch the pool is run, as I explain below. 池用户是运行池的女巫下的用户,如下所述。
More details 更多细节
To been able to run a public asp.net site with IIS, each file on the directory must have permissions for two accounts. 为了能够使用IIS运行公共asp.net网站,目录中的每个文件都必须具有两个帐户的权限。
One account that is permitted for public access, and the account that assigned to that application pool have. 一个允许公共访问的帐户,以及分配给该应用程序池的帐户。
To find/assing the first account you go to your iis site | 要查找/评估第一个帐户,请访问iis网站| Authentication | 认证| Edit, and see or change it as you see on that screen shot. 编辑并查看或更改该屏幕快照中的内容。
Now note that name and we going to find the user under with the pool run. 现在记下该名称,我们将在运行池的情况下查找该用户。
Go the your IIS Site and click on the Basic Settings to find the pool name, then go to the IIS | 转到IIS站点,然后单击“基本设置”以找到池名称,然后转到“ IIS” |“ IIS”。 Application Pools and see the Identity column, and note the name of the user under the witch your site is run. 应用程序池,然后查看“标识”列,并在运行您的网站的女巫下方记录用户名。
Now that we have the two users names we go to the root of the site and set the minimum of permissions that is the read as 现在我们有了两个用户名,我们进入站点的根目录并设置最小权限为
Some Notes 一些注意事项
- If the IIS_Public_ACCESS_USER is not give read permission the site is run, but ask for password 如果IIS_Public_ACCESS_USER未授予读取权限,则运行站点,但要求输入密码
- On some directories you need and write permissions, if you let for example your users upload images, or keep on App_Data, some database files. 在某些目录上,您需要具有写权限,例如,如果让用户上载图像或保留App_Data上的某些数据库文件。 Only for that directories you give and the write permissions to the IIS_POOL_USER. 仅针对您提供的目录以及对IIS_POOL_USER的写入权限。
- Some directories, like the App_Data and App_Code have direct protection from asp.net and they not allow anyone from the client side to run or view whats is in there. 某些目录(例如App_Data和App_Code)具有来自asp.net的直接保护,它们不允许客户端中的任何人运行或查看其中的内容。
- On the public directory that allow write access to your user add one web.config and totally disable all the running of asp.net files. 在允许对用户进行写访问的公用目录上,添加一个web.config并完全禁用所有运行的asp.net文件。
More to read for the directories that give write permissions I've been hacked. 有关授予写权限的目录的更多信息, 我被黑了。 Evil aspx file uploaded called AspxSpy. 上载邪恶的aspx文件称为AspxSpy。 They're still trying. 他们还在努力。 Help me trap them‼ 帮我困住他们!
解决方案2
-1 2013-05-21 19:30:15
看来您的IIS_User没有访问C:\\ Users .... \\ Visual Studio 2012 \\ Websites ...中的网站的必要权限,还请确保您的应用程序运行的是正确的.NET版本(2.0、4.0 ,...)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.