R – Sharepoint SSL Web.Config access issue


I’ve got a strange scenario:

I’ve got a webpart that calls into a dll in the GAC, which is trying to read a section from web.config file.
This works fine normally, but under SSL it fails, saying it does not have access to the path (of the config file). However, it’s under the mosssvc account, which has full control over the webconfig file.

Both the 80 web.config file and the 443 web.config file have the same entries the dll is looking for, and mosssvc has full control on both configs.

I have tried elevating the trust level on 443 to full, which didn't work.

Any ideas, or anything you can think of that I can try?

EDIT: I should have been more clear: the SSL site has already been created and works fine until the one method in the GAC'd assembly tries to examine the web config.

The full error message is:

Event Type:        Warning
Event Source:    ASP.NET 2.0.50727.0
Event Category:                Web Event 
Event ID:              1310
Date:                     2/9/2009
Time:                     1:44:49 PM
User:                     N/A
Computer:          XXXXX
Event code: 3008 
Event message: A configuration error has occurred. 
Event time: 2/9/2009 1:44:49 PM 
Event time (UTC): 2/9/2009 9:44:49 PM 
Event ID: 2d7180cdfbb34acfa6c61f95df12ddde 
Event sequence: 26 
Event occurrence: 1 
Event detail code: 0 

Application information: 
    Trust level: Full 
    Application Virtual Path: / 
    Application Path: C:\Inetpub\wwwroot\wss\VirtualDirectories\8443\ 
    Machine name: XXXXXXXX 

Process information: 
    Process ID: 5168 
    Process name: w3wp.exe 
    Account name: XXXXXXXXX\mosssvc 

Exception information: 
    Exception type: ConfigurationErrorsException 
    Exception message: An error occurred loading a configuration file: Access to the path 'C:\Inetpub\wwwroot\wss\VirtualDirectories\8443\web.config' is denied. (C:\Inetpub\wwwroot\wss\VirtualDirectories\8443\web.config) 

Request information: 
    Request URL: https://XXXXXXX:443/training/Pages/smartregister.aspx?c=383 
    Request path: /training/Pages/smartregister.aspx 
    User host address: 
    Is authenticated: False 
    Authentication Type:  
    Thread account name: XXXXXXX\mosssvc 

Thread information: 
    Thread ID: 10 
    Thread account name: XXXXXXX\mosssvc 
    Is impersonating: True 
    Stack trace:    at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal)
   at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(ConfigurationSchemaErrors schemaErrors)
   at System.Configuration.Configuration..ctor(String locationSubPath, Type typeConfigHost, Object[] hostInitConfigurationParams)
   at System.Configuration.Internal.InternalConfigConfigurationFactory.System.Configuration.Internal.IInternalConfigConfigurationFactory.Create(Type typeConfigHost, Object[] hostInitConfigurationParams)
   at System.Web.Configuration.WebConfigurationHost.OpenConfiguration(WebLevel webLevel, ConfigurationFileMap fileMap, VirtualPath path, String site, String locationSubPath, String server, String userName, String password, IntPtr tokenHandle)
   at System.Web.Configuration.WebConfigurationManager.OpenWebConfigurationImpl(WebLevel webLevel, ConfigurationFileMap fileMap, String path, String site, String locationSubPath, String server, String userName, String password, IntPtr userToken)
   at System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration(String path)
   at XXXXXXXXX.RegistrationHelper.RegisterStudents(Boolean sendEmail, String Time, String Title, String bFirstName, String bLastName, String bAddress, String bPostalCode, String bCity, String bTelephone, String bCompany, String bEmail, List`1 Registrants, Int32 courseDateID, String pType, String CCNumber_, String NameOnCard, String cExpiry, Double Discount, String DiscountCode, Double CostPerRegistrant, String PurchaseOrder)
   at ASP.SmartEventRegistration.lnkSubmit_Click(Object sender, EventArgs e) in c:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\CONTROLTEMPLATES\SmartEventRegistration\SmartEventRegistration.ascx:line 401
   at System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e)
   at System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
   at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at Microsoft.SharePoint.Publishing.TemplateRedirectionPage.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Best Solution

try this, form Faranz Kan SharePoint blog on how to enable SSL in MOSS:

  1. Go to central admin --> Create or extend a new web application --> Create a new web application.
  2. Fill in the Web app, DB and App pool names as usual. Select yes to enable SSL on the web application. If you are using host headers for this web app, then enter those too. (Important: Make sure to set the port to 443, not 80).
  3. After the web application has been created, reset IIS and then open up IIS mmc. Scroll to the IIS website that MOSS just created for you and select the right SSL certificate from the available certificates (Ask your network folks to generate an internal or external SSL cert for you depending on whether this is a test or prod server). Important: Go to the Home Directory tab and click Advanced. Make sure you set the host header and the right IP for port 80. For SSL entries, select port 443 and the IP. (If you have multiple IP's on the server, I usually pick one here for these entries). Click on the edit button for SSL entries and check the 'Require SSL' box. Also check 'Require 128 bit encryption' to make this more secure.
  4. Now go ahead and create your first site collection for this web app. MOSS will automatically create a new site collection for you and present you with a "https://.." link upon completion. You should now have a SSL ready web app.
  5. By default, if you want multiple web apps using SSL on the same server
    • this does not work in IIS 6. If you want multiple MOSS 2007 Web apps to be SSL enabled, there are two ways of going about this. One way is to get as many IPs as you want SSL web apps for that web server and assign one IP per host header settings for port 80 and 443 under IIS Website properties --> Home Directory --> Advanced. The other option is to modify the IIS metabase to allow multiple SSL web apps on the same IP. Be careful with the second option and make sure you know what you are doing.
Related Question