Cannot read configuration file due to insufficient permissions
The reported problem usually stems from the extended checks within Nodinite and the requirement to read specific system files from the IIS in Windows Server.
The problem
With Nodinite 5.1, we made some additional checks, and if the accounts for the Nodinite App Pool do not have the proper access rights, you may encounter the following error message for the Log API:
Server Error in '/ENVIRONMENTNAME/LogAPI' Application.
Filename: redirection.config Error: Cannot read configuration file due to insufficient permissions
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.UnauthorizedAccessException: Filename: redirection.config Error: Cannot read configuration file due to insufficient permissions ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically \ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and the configured application pool identity on IIS 7.5) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user. To grant ASP.NET access to a file, right-click the file in File Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access. Source Error:
|
An unhandled exception was
generated during the execution of the current web request. Information
regarding the origin and location of the exception can be identified using
the exception stack trace below. |
Stack Trace:
|
[UnauthorizedAccessException: Filename:
redirection.config Error: Cannot read configuration file
due to insufficient permissions
Microsoft.Web.Administration.Interop.IAppHostAdminManager.GetAdminSection(String
bstrSectionName, String bstrPath) +0 Microsoft.Web.Administration.Configuration.GetSectionInternal(ConfigurationSection
section, String sectionPath, String locationPath) +219
Microsoft.Web.Administration.ServerManager.ApplicationPoolsSectionCreator()
+74
Microsoft.Web.Administration.Lazy.Initialize(T& target,
CreateInstanceDelegate`1 valueFactory) +21
Microsoft.Web.Administration.ServerManager.ApplicationPoolCollectionCreator()
+18
Microsoft.Web.Administration.Lazy.Initialize(T& target,
CreateInstanceDelegate`1 valueFactory) +21
Nodinite.LogApiHost.Controllers.InformationController.GetAppPoolIdentity(String
applicationPoolName) +86 ... |
Version Information: Microsoft .NET Framework
Version:4.0.30319; ASP.NET Version:4.7.3429.0
The solution
The service account for the IIS App Pool does not have the required read rights on folder %windows%\system32\inetsrv\config. Therefore, You must grant the account Read rights on this folder and then recycle the App Pool in use for the Log API.
As an alternative, you should make sure the account is part of the local IIS_IUSRS group and then assign this group read rights on the folder with the redirection.config file.