- 3 minutes to read

Cannot read configuration file due to insufficient permissions

If you encounter the error "Cannot read configuration file due to insufficient permissions" when using Nodinite, this guide will help you quickly resolve it and restore your services.

✅ Step-by-step solution for resolving IIS App Pool permission issues
✅ Ensure secure and reliable Nodinite installations
✅ Avoid downtime and configuration headaches

This problem typically occurs when Nodinite performs extended checks and the IIS App Pool account lacks access to required system files on Windows Server.

The problem

Starting with Nodinite 5.1, additional security checks require the App Pool account to have proper access rights. If not, you may see the following error for the Log API:

Server Error in '/ENVIRONMENTNAME/LogAPI' Application.
Filename: redirection.config
Error: Cannot read configuration file due to insufficient permissions
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.UnauthorizedAccessException: Filename: redirection.config
Error: Cannot read configuration file due to insufficient permissions

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and the configured application pool identity on IIS 7.5) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET access to a file, right-click the file in File Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

Stack Trace:
[UnauthorizedAccessException: Filename: redirection.config
Error: Cannot read configuration file due to insufficient permissions]
   Microsoft.Web.Administration.Interop.IAppHostAdminManager.GetAdminSection(String bstrSectionName, String bstrPath) +0
   Microsoft.Web.Administration.Configuration.GetSectionInternal(ConfigurationSection section, String sectionPath, String locationPath) +219
   Microsoft.Web.Administration.ServerManager.ApplicationPoolsSectionCreator() +74
   Microsoft.Web.Administration.Lazy.Initialize(T& target, CreateInstanceDelegate`1 valueFactory) +21
   Microsoft.Web.Administration.ServerManager.ApplicationPoolCollectionCreator() +18
   Microsoft.Web.Administration.Lazy.Initialize(T& target, CreateInstanceDelegate`1 valueFactory) +21
   Nodinite.LogApiHost.Controllers.InformationController.GetAppPoolIdentity(String applicationPoolName) +86

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.3429.0

The solution

The IIS App Pool service account does not have the required read rights on %windows%\system32\inetsrv\config. Grant the account Read rights on this folder, then recycle the App Pool for the Log API.
Alternatively, ensure the account is part of the local IIS_IUSRS group and assign this group read rights on the folder containing redirection.config.


Next Step