Insufficient Permissions when using ApplicationPoolidentity

This is the place to report bugs and get support. When posting in this forum, please always provide as much detail as possible.

Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum, do not report it as a bug.

10/20/2010 8:44:19 AM
/Mats Lillnor

Insufficient Permissions when using ApplicationPoolidentity

MojoPortal version 2.3.5.4
(problem only exists for the .NET 3.5 version; .NET 4 works fine.)
IIS 7.5 (Windows Server 2008 R2) Full trust.
SQL Server 2008 R2

Special IIS 7.5 security configuration

---

Hi!

2.3.5.4 does not work when the process model for the application pool is configured with "identity=applicationPoolidentity". Changing to "Identity=localSystem" (of course) solves the problem.

Error message indicates that there are insufficient permissions to do background compile. OpenAuth.dll is complaining.

I do not have the error message available right now, since I have upgraded to .NET 4 which does not have the problem. I will come back and post the error when I upgrade my other sites to 2.3.5.4.

Here is a little background info on the environment, since it uses a rather uncommon configuration.

I am running my mojoPortal sites on a web hotel where I have made the infrastructure design and implementation. I have complete access to the whole system with remote desktop.

It is a 2-node NLB cluster with powerful machines (4 x 4 core XEON CPU, 24 MB RAM) and file replication is done with DFS replication between the nodes.

About 700 sites are running simultaneously and they are completely isolated from each other and still running in full trust mode. Each site has its own application pool with the identity set as ApplicationPoolIdentity, which uses a built-in SID for each process without having to create domain accounts. This is a new feature in 2008R2 and we gained a tremendous performance increase using this solution. NTFS permissions on the file structure are granted using ICACLS, since the object picker does not support IIS 7.5 built-in ApplicationPool Virtual Accounts. The accounts have modify permissions on the web sites' file structure.

This solution works fine with mojoPortal before 2.3.5.4 (at least up to 2.3.4.1, haven't tested intermediate versions) as well as with DotnetNuke and all other custom built web applications. It also works with mojoPortal 2.3.5.4 in .NET 4-version, but not with 2.3.5.4/.NET 3.5.

 

/Mats
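An added example, not part of the original posts and not mojoPortal code: a PowerShell audit of the setup described in the post above, listing each site's application pool identity and whether the pool's virtual account (`IIS AppPool\<pool name>`) holds Modify on the site root. It assumes the IIS WebAdministration module and an elevated prompt; the function name `Test-PoolModifyAce` and the output fields are hypothetical.

```powershell
# Added example: audit app pool identities and NTFS rights per IIS site.
# Assumes IIS 7.5 with the WebAdministration module, run elevated.
Import-Module WebAdministration

function Test-PoolModifyAce {
    param(
        [string]$Path,      # site root on disk
        [string]$PoolName   # application pool name
    )
    # ApplicationPoolIdentity runs as the virtual account "IIS AppPool\<pool name>".
    $account = "IIS AppPool\$PoolName"
    $modify  = [System.Security.AccessControl.FileSystemRights]::Modify
    # Looks only for an Allow ACE (explicit or inherited) naming the account
    # on the root folder; rights obtained through group membership are not counted.
    $hits = (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.IdentityReference.Value -ieq $account -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $modify) -eq $modify
    }
    return [bool]$hits
}

Get-ChildItem IIS:\Sites | ForEach-Object {
    $pool     = $_.applicationPool
    $path     = [Environment]::ExpandEnvironmentVariables($_.physicalPath)
    $identity = (Get-Item "IIS:\AppPools\$pool").processModel.identityType

    $finding = 'ok'
    if ($identity -eq 'LocalSystem') {
        # The pool runs with full machine privileges, so sites are no longer isolated.
        $finding = 'pool runs as LocalSystem'
    } elseif ($identity -eq 'ApplicationPoolIdentity' -and
              -not (Test-PoolModifyAce -Path $path -PoolName $pool)) {
        # A missing ACE can be granted with:
        #   icacls "<site root>" /grant "IIS AppPool\<pool name>:(OI)(CI)M"
        $finding = 'no Modify ACE for pool account'
    }

    New-Object PSObject -Property @{
        Site     = $_.Name
        Pool     = $pool
        Identity = $identity
        Path     = $path
        Finding  = $finding
    }
} | Format-Table Site, Pool, Identity, Finding, Path -AutoSize
```

The check covers only each site's root folder; other directories a pool identity may need to write to are outside what this script inspects.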

10/20/2010 9:26:01 AM

Re: Insufficient Permissions when using ApplicationPoolidentity

Hi Mats,

Permission issues are configuration issues.  mojoPortal has no control over permissions of the app pool identity and therefore this is not a bug in mojoPortal.

Best,

Joe
