Cannot read configuration file due to insufficient permissions

I've recently encountered an error trying to host my asp.net site with IIS. I have found a solution that many swear by.

Solution:

Add IIS_IUSRS with Read permission on files in the folder

Change IIS authentication method to BasicAuthentication

refresh the website. It will work

(http://vivekthangaswamy.blogspot.com/2009/07/aspnet-website-cannot-read.html)

What do I add to my web.config file though? I've never had to edit it before. Here is its current contents:

<?xml version="1.0"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->
<configuration>
    <connectionStrings>
  <add name="DefaultConnection" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True"
   providerName="System.Data.SqlClient" />
 </connectionStrings>
 <system.web>
  <compilation debug="true" strict="false" explicit="true" targetFramework="4.0"/>
    </system.web>
</configuration>

My error is:

Config Error: Cannot read configuration file due to insufficient permissions
Config File: \?\C:\Users*****\Documents\Visual Studio2010\WebSites\PointsForTime\web.config

Best Answer

There is no problem with your web.config. Your web site runs under a process. In iis you can define the identity of that process. The identity that your web site's application pool runs as (Network Services, Local System, etc.), should have permission to access and read web.config file.

Update:

This updated answer is same as above, but a little longer and simpler and improved.

First of all: you don't have to change anything in your config file. It's OK. The problem is with windows file permissions.

This problems occurs because your application can not access and read web.config file.

Make the file accessible to IIS_IUSRS group. Just right click web.config and click properties, under security tab, add IIS_IUSRS.

So what is this IIS_IUSRS thing?

Your web site is like an exe file. Just like any exe file, it should be started by a user and it runs according to permissions assigned to that user.

When your site is started in IIS, Application Pool of your web site is associated with a user (Network Services, Local System, Etc. ...) (and can be changed in IIS)

So when you say IIS_IUSRS, it means any user (Network Services, Local System, Etc. ...) that your site is running as.

And as @Seph mentioned in comment below: If your computer is on a domain, remember that IIS_IUSRS group is a local group. Also make sure that when you're trying to find this user check the location it should be set to local computer and not a corporate domain.

Best Answer

Related Solutions

IIS 500.19 with 0x80070005 The requested page cannot be accessed because the related configuration data for the page is invalid error

Config Error: This configuration section cannot be used at this path

Related Topic