Why does my EpiServer site need access to c:\windows\system32?

Vote:
 

 

Server Error in '/' Application.


Access to the path 'C:\Windows\system32\config\systemprofile' is denied.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access to the path 'C:\Windows\system32\config\systemprofile' is denied.

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and the configured application pool identity on IIS 7.5) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

Source Error:

[No relevant source lines]


Source File: c:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\6ed5bed6\a80a1d81\App_global.asax.rzj41_fn.0.cs    Line: 0

Stack Trace:

[UnauthorizedAccessException: Access to the path 'C:\Windows\system32\config\systemprofile' is denied.]
   System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) +9726046
   System.IO.Directory.InternalCreateDirectory(String fullPath, String path, Object dirSecurityObj) +9497018
   System.IO.DirectoryInfo.Create() +15
   EPiServer.Web.Hosting.VirtualPathUnifiedProvider.GetAndValidatePhysicalPathBase(String physicalPath) +172
   EPiServer.Web.Hosting.Versioning.VersioningFileSystem.Init(NameValueCollection config) +106
   EPiServer.Web.Hosting.VirtualPathVersioningProvider..ctor(String name, NameValueCollection configParameters) +177

[TargetInvocationException: Exception has been thrown by the target of an invocation.]
   System.RuntimeMethodHandle._InvokeConstructor(IRuntimeMethodInfo method, Object[] args, SignatureStruct& signature, RuntimeType declaringType) +0
   System.RuntimeMethodHandle.InvokeConstructor(IRuntimeMethodInfo method, Object[] args, SignatureStruct signature, RuntimeType declaringType) +15
   System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) +281
   System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) +1136
   System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) +111
   System.Reflection.Assembly.CreateInstance(String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) +62
   EPiServer.Web.Hosting.VirtualPathHandler.CreateVirtualPathProviderInstance(ProviderSettings providerSettings) +258
   EPiServer.Web.Hosting.VirtualPathHandler.InitializeProviders(ProviderSettingsCollection providers, Boolean captureCustomExceptions) +1175
   EPiServer.Web.InitializationModule.InitializeVirtualPathProviders(VirtualPathElement vpElement) +115
   EPiServer.Web.<>c__DisplayClass46.<Initialize>b__21() +22
   EPiServer.Web.InitializeEngine.Initialize() +244
   EPiServer.Web.InitializationModule.Initialize(EPiServerSection config, Settings settings, ConnectionStringSettingsCollection connectionStringSettings) +2832
   EPiServer.Web.InitializationModule.<StaticInitialization>b__4() +34
   EPiServer.Web.InitializeEngine.Initialize() +244
   EPiServer.Web.InitializationModule.StaticInitialization() +1490
   EPiServer.Web.InitializationModule.Initialize(InitializationEngine context) +47
   EPiServer.Framework.Initialization.InitializationEngine.InitializeModules() +343
   EPiServer.Framework.Initialization.InitializationEngine.Initialize(HostType hostType) +83
   EPiServer.Framework.Initialization.InitializationModule.Initialize(HostType hostType) +163
   EPiServer.Framework.Initialization.InitializationModule.FrameworkInitialization(HostType hostType) +68
   EPiServer.Global..ctor() +54
   ASP.global_asax..ctor() in c:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\6ed5bed6\a80a1d81\App_global.asax.rzj41_fn.0.cs:0

[TargetInvocationException: Exception has been thrown by the target of an invocation.]
   System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck) +0
   System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache) +98
   System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean skipCheckThis, Boolean fillCache) +241
   System.Activator.CreateInstance(Type type, Boolean nonPublic) +69
   System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) +1136
   System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) +111
   System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture) +23
   System.Web.HttpRuntime.CreateNonPublicInstance(Type type, Object[] args) +60
   System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context) +259
   System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext) +253

[HttpException (0x80004005): Exception has been thrown by the target of an invocation.]
   System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +8972180
   System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +97
   System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +256



Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.225

#50581
May 04, 2011 18:37
Vote:
 

Just as an addition, the App Pool for this site is running under user ApplicationPoolId, as are several other sites on this box and they don't require access to a system folder.

#50582
May 04, 2011 18:40
Vote:
 

How do your virtual path provider configurations look? It's as if one of the physicalPath attribute values is empty (though that should cause an exception) or includes some environment variable pointing to the users profile?

#50595
May 05, 2011 7:08
Vote:
 

From my episerver.config:

  <virtualPath customFileSummary="~/FileSummary.config">
    <providers>
      <clear />
      <add showInFileManager="true" virtualName="Page Files" virtualPath="~/PageFiles/" bypassAccessCheck="false" name="SitePageFiles" type="EPiServer.Web.Hosting.VirtualPathVersioningProvider,EPiServer" indexingServiceCatalog="Web" physicalPath="%USERPROFILE%\Intranet\PageFiles" />
      <!--<add showInFileManager="false" virtualName="Virtual Path Mappings" virtualPath="~/upload/"
            bypassAccessCheck="false" name="SitePathMappings" type="EPiServer.Web.Hosting.VirtualPathMappedProvider,EPiServer" />-->
      <add showInFileManager="true" virtualName="Global Files" virtualPath="~/Global/" bypassAccessCheck="false" name="SiteGlobalFiles" type="EPiServer.Web.Hosting.VirtualPathVersioningProvider,EPiServer" indexingServiceCatalog="Web" physicalPath="%USERPROFILE%\Intranet\Globals" />
      <add showInFileManager="true" virtualName="Documents" virtualPath="~/Documents/" bypassAccessCheck="false" maxVersions="5" name="SiteDocuments" type="EPiServer.Web.Hosting.VirtualPathVersioningProvider,EPiServer" physicalPath="%USERPROFILE%\Intranet\Documents" />
      <!--
        <add showInFileManager="true" virtualName="Global Files" virtualPath="~/Global/"
          bypassAccessCheck="false" indexingServiceCatalog="Web" physicalPath="%EPISERVERFILESDIR%\EPiServerFiles\Globals"
          name="SiteGlobalFiles" type="EPiServer.Web.Hosting.VirtualPathNativeProvider,EPiServer"
          WriteAccess="Administrators" DeleteAccess="Administrators" />
        -->
      <add name="App_Themes_Default" virtualPath="~/App_Themes/Default/" physicalPath="C:\Program Files\EPiServer\CMS\6.1.379.0\Application\App_Themes\Default" type="EPiServer.Web.Hosting.VirtualPathNonUnifiedProvider,EPiServer" />
      <add name="UIFiles" virtualPath="~/EPiServer/CMS/" physicalPath="C:\Program Files\EPiServer\CMS\6.1.379.0\Application\UI\CMS" type="EPiServer.Web.Hosting.VirtualPathNonUnifiedProvider,EPiServer" />
      <add name="UtilFiles" virtualPath="~/Util/" physicalPath="C:\Program Files\EPiServer\CMS\6.1.379.0\Application\Util" type="EPiServer.Web.Hosting.VirtualPathNonUnifiedProvider,EPiServer" />
      <add name="WebServicesFiles" virtualPath="~/WebServices/" physicalPath="C:\Program Files\EPiServer\CMS\6.1.379.0\Application\webservices" type="EPiServer.Web.Hosting.VirtualPathNonUnifiedProvider,EPiServer" />
      <add name="EPiServerCMS" virtualPath="~/EPiServer/CMS" physicalPath="C:\Program Files\EPiServer\CMS\6.1.379.0\Application\UI\EPiServer\CMS" type="EPiServer.Web.Hosting.VirtualPathNonUnifiedProvider,EPiServer" />
      <add name="EPiServerShell" virtualPath="~/EPiServer/Shell" physicalPath="C:\Program Files\EPiServer\Framework\6.2.267.1\Application\UI" type="EPiServer.Web.Hosting.VirtualPathNonUnifiedProvider,EPiServer" />
    </providers>
    <filters />
  </virtualPath>
  <!-- virtualPathMappings are used by "VirtualPathMappedProvider". -->
  <virtualPathMappings>
    <!--<add url="~/ExternalSample.ascx" mappedUrl="~/MappedSample.ascx" />-->
  </virtualPathMappings>

Not sure what I'm looking for to be honest

Thanks

Dave

#50605
May 05, 2011 10:08
Vote:
 

You have several entries where physicalPath includes %USERPROFILE%. I doubt this is what you want because the content of your sites file folders would depend on which user runs the app pool (or even which user is logged in if you have impersonation). Since you use it for page files, global files etc, physicalPath should be a absolute physical path without variables.

#50606
May 05, 2011 10:12
Vote:
 

Hmm, the installer should not set physicalPath that include %USERPROFILE%... Anyway if you replace %USERPROFILE% with the physical path to your vpp folder (e.g. c:\EPIServer\Sites\VPPs)  it should work fine.

 

 

#50607
May 05, 2011 10:13
Vote:
 

That worked a treat!  Thanks very much!

The installer didn't set %USERPROFILE%, I created my website using the Visual Studio template and the episerver.config file was automatically generated.  What is the correct way to create an EpiServer website, as the training I had tells me to use the VS template?

#50608
May 05, 2011 10:25
Vote:
 

Ok, I thought it was a production site.

To setup a site/environment for development your approach is fine. For development you can run the site under cassini (launch it through F5 from visual studio). In that case the webserver.exe process will run under your account and you should not get the security issue you run into when the site run under IIS.

#50614
May 05, 2011 10:55
Vote:
 

It ran fine under Cassini but I wanted to set it up as a site under IIS to find any deployment issues at the beginning of development rather than at the end.  Do I need to use the EpiServer deployment service to create an initial website and then copy my published site into the folder it creates?  If so will I have to manually merge the config files?

#50617
May 05, 2011 11:01
Vote:
 

No, you can manually create a site under IIS and point it to your site. In this case however you need to configure so the account configured for  the application pool has access to VPPs and site.

In case you run under IIS7 you should also make sure the schema for the web.config is IIS7 "style" (e.g. handlers instead of httpHandlers) since cassini uses the IIS6 config style.

#50618
May 05, 2011 11:07
Vote:
 

To avoid the IIS6/IIS7 problems I generally debug using IIS instead of cassini. That way all environments are IIS7+ (dev machine is windows 7 and test and production environments are). In the project settings under web you can change so that debugging uses the IIS site instead of cassini so it will attach to IIS automatically when you hit F5. This requires the address for the IIS site to be correct in the project, the IIS site to be running and generally that you start visual studio as administrator.

#50620
May 05, 2011 11:12
Vote:
 

That is exactly what I've done with this site so as long as I change the %USERPROFILE% to point to the VPP in the future I should be fine.

Thanks very much for your help!

Dave

#50622
May 05, 2011 11:24
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.