IIS 7 and Above
Problem configuring IIS7 virtual directory with Directory Browsing
Last post Mar 20, 2008 10:25 AM by jguillet
Mar 19, 2008 01:38 PM|jguillet|LINK
I created a new virtual directory from the default website and enabled Directory Browsing on the new virtual directory. Anonymous Authentication is enabled. Everything works fine when I access the the URL from the Internet.
The problem occurs when I try to configure the virtual directory to prompt for credentials for access. I tried restricting the NTFS permissions on the target folder to include only my access account (this worked fine before in IIS6), but I get an error:
I've also tried disabling Anonymous Access (with and without changing NTFS permissions on the folder), but get the same 500 error.
What am I doing wrong?
Mar 20, 2008 04:57 AM|thomad|LINK
We introduced delegated administration in IIS7. This means that you can have IIS configuration in web.config files which reside in your vdir. IIS has to read these config files very early on, i.e. when there is no authenticated user available yet. For this
reason IIS has to use the process identity (usually NetworkService) to read the web.config file. I assume that your directory doesn't allow access to NetworkService.
Instead of allow NetworkService access you can also use the AppPool identity. Here is a command you can use:
ICACLS c:\<yourdir> /grant IIS_APPPOOL\DefaultAppPool:(OI)(IO)(CI)R
Mar 20, 2008 10:25 AM|jguillet|LINK
Perfect! I added Network Service with Read/Execute rights to my virtual directory and it works fine. Thanks, Thomas.