ASP.NET Troubleshooting - Web.Config Access Errors

Top  Previous  Next

The topic covers a variety of topics and suggestions to review if you are having trouble building or running your ASP.NET applications.



Server Error in '/' Application


Make sure that the Virtual Directory is created, and matches your project name.


In addition, if you see the following error posted:

"Unverifiable code failed policy check"

Check your web.config file and verify that the following line is present:


<trust level="Full" originUrl=""/>



User Rights


The HTTP 500 - Internal Server error usually comes from either


1) IIS or ASP.Net not being installed correctly

2) security configuration issues


In Internet Explorer, Tools->Internet Options->Advanced tab - turn off "Show friendly HTTP error messages". That will give you a more explicit error message.


See if you can access Http://localhost/iishelp, does that work?

Also try viewing any HTML page so you totally bypass any ASP.Net issues.


You can go to a command line prompt and enter:

iisreset /restart /timeout:120 /rebootonerror


This will attempt to restart all Web related services, and if either the stop or restart don't succeed within 2 minutes it will restart your computer (* so save any open files first!)



Application Access


When viewing an ASP.NET application in your browser, you receive the following Error


"It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level"


1.  If you manually create a virtual directory and it is not configured as an application, then you will not be able to browse the application and may get the above error.


To resolve it, right-click on the virtual directory, select properties and then click on Create next to the Application Label and the textbox. It will automatically create the "application" using the virtual directory's name. Now the application can be accessed.


2.  When you have sub-directories in your application, you can have a web.config file for the sub-directory. However, there are certain properties which cannot be set in the web.config of the sub-directory such as authentication, session state (you may see that the error message shows the line number where the authentication or session state is declared in the web.config of the sub-directory). The reason is, these settings cannot be overridden at the sub-directory level unless the sub-directory is also configured as an application (as mentioned in the above point).


Usually, we add a web.config file in a sub-directory if we want to protect access to the sub-directory files (e.g., if the directory name is Admin and we want to protect the admin pages from unauthorized users).


Actually, this can be also achieved in the web.config file at the application's root level itself, by specifying the location path tags and authorization, as follows:-


<location path="Admin">



<allow roles="administrators" />

<deny users="*" />





However, if you do want to have a web.config file at the sub-directory level and protect the sub-directory, you can just specify the Authorization mode as follows:-





<allow roles="administrators" />

<deny users="*" />





Either way allows you to protect the sub-directory from unauthorized access.