Xander Lamkins Xander Lamkins - 1 month ago 6
ASP.NET (C#) Question

Cannot read configuration file due to insufficient permissions

I've recently encountered an error trying to host my asp.net site with IIS. I have found a solution that many swear by.


Solution:


  1. Add IIS_IUSRS with Read permission on files in the folder

  2. Change IIS authentication method to BasicAuthentication

  3. refresh the website. It will work




(http://vivekthangaswamy.blogspot.com/2009/07/aspnet-website-cannot-read.html)

What do I add to my web.config file though? I've never had to edit it before. Here is its current contents:

<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<connectionStrings>
<add name="DefaultConnection" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0"/>
</system.web>
</configuration>


My error is:


Config Error: Cannot read configuration file due to insufficient permissions

Config File: \?\C:\Users*****\Documents\Visual Studio2010\WebSites\PointsForTime\web.config

Answer

There is no problem with your web.config. Your web site runs under a process. In iis you can define the identity of that process. The identity that, your web site's application pool runs as (Network Services, Local System, Etc. ...), should have permission to access and read web.config file.

Update:

This updated answer is same as above, but a little longer and simpler and improved.

First of all: you don't have to change any thing in your config file. It's OK. The problem is with windows file permissions.

This problems occurs because your application can not access and read web.config file.

Make the file accessible to IIS_IUSRS group. Just right click web.config and click properties, under security tab, add IIS_IUSRS.

So what is this IIS_IUSRS thing?

Your web site is like an exe file. Just like any exe file, it should be started by a user and it runs according to permissions assigned to that user.

When your site is started in IIS, Application Pool of your web site is associated with a user (Network Services, Local System, Etc. ...) (and can be changed in IIS)

So when you say IIS_IUSRS, it means any user (Network Services, Local System, Etc. ...) that your site is running as.

And as @Seph mentioned in comment below: If your computer is on a domain, remember that IIS_IUSRS group is a local group.