Virtual Directory IIS 8.5 disabling web.config check


I'm setting up a new template for our web server farm that will host the web application locally instead of from a UNC path. There are a few folders in the application where data is written to that are required to be shared between all of the servers in the farm.

To do this without rewriting portions of the application I'm trying to create virtual directories in the web site configuration that point to a UNC path. These virtual directories contain no code they are simply text files, images, etc that only need to run through the StaticFileHandler, however when I try to access any file in the VDIR I get a 500.19 exception with saying it is unable to read/find the web.config that lives in that directory. I don't have the VDIR setup as an application just a simple pointer with the authentication running as a domain user that has read access to the UNC path.

I've tried running the CASPol command to grant full trust to the UNC path as well as the aspnet_regiis -ga command for the domain user.

In IIS 6 you were able to open the properties of the VDIR and set the execute permissions to Scripts only without an application on the VDIR and that didn't require a web.config in the VDIR itself. All of the documentation and videos I've reviewed on setting up VDIRs in IIS8.5 say there is no additional setup in creating a VDIR then setting the authentication if it requires something different then what the Application Pool and site is running as.


Server: Windows 2012R2 Standard

IIS: 8.5

ASP.Net: 4.0

Application Pool: Integrated Mode

Connect As: Domain User for both the App Pool, the WebSite and the VDIR

Is there a global setting that disable the requirement/check for a web.config file in the VDIR when it's not setup as an application?

Best Answer

What I found is that when I setup the authentication for the virtual directories I set them up with the domain user for the Physical Path Credentials I set the Physical Path Credentials Logon Type value to Network which was causing an ACCESS DENIED error. When I set the type to any of the other options it loaded the content just fine. I'm not exactly sure why Network option fails unless it has something to do with Kerberos returning an invalid token.

Logon Types from MSDN