This is what worked for me (Updated for VS 2013, see revision history for 2010, for VS 2015 see this: https://stackoverflow.com/a/32744234/218971):
Right-click your Web Application Project ▶ Properties
▶ Web
, then configure the Servers
section as follows:
- Select IIS Express ▼ from the drop down
- Project Url:
http://localhost
- Override application root URL:
http://dev.example.com
- Click Create Virtual Directory (if you get an error here you may need to disable IIS 5/6/7/8, change IIS's
Default Site
to anything but port :80
, make sure Skype isn't using port 80, etc.)
Optionally: Set the Start URL
to http://dev.example.com
Open %USERPROFILE%\My Documents\IISExpress\config\applicationhost.config
(Windows XP, Vista, and 7) and edit the site definition in the <sites>
config block to be along the lines of the following:
<site name="DevExample" id="997005936">
<application path="/" applicationPool="Clr2IntegratedAppPool">
<virtualDirectory
path="/"
physicalPath="C:\path\to\application\root" />
</application>
<bindings>
<binding
protocol="http"
bindingInformation=":80:dev.example.com" />
</bindings>
<applicationDefaults applicationPool="Clr2IntegratedAppPool" />
</site>
If running MVC: make sure the applicationPool
is set to one of the "Integrated" options (like "Clr2IntegratedAppPool").
Open your hosts
file and add the line 127.0.0.1 dev.example.com
.
► Start your application!
Some great advice from the comments:
- You may need to run Visual Studio as Administrator.
- If you want to make other devs see your IIS run
netsh http add urlacl url=http://dev.example.com:80/ user=everyone
- If you want the site to resolve for all hosts set
bindingInformation="*:80:"
.
Use any port you want, 80 is just convenient. To resolve all hosts you'll need to run Visual Studio as an administrator
The ApplicationPoolIdentity
is assigned membership of the Users
group as well as the IIS_IUSRS
group. On first glance this may look somewhat worrying, however the Users
group has somewhat limited NTFS rights.
For example, if you try and create a folder in the C:\Windows
folder then you'll find that you can't. The ApplicationPoolIdentity
still needs to be able to read files from the windows system folders (otherwise how else would the worker process be able to dynamically load essential DLL's).
With regard to your observations about being able to write to your c:\dump
folder. If you take a look at the permissions in the Advanced Security Settings, you'll see the following:
See that Special permission being inherited from c:\
:
That's the reason your site's ApplicationPoolIdentity
can read and write to that folder. That right is being inherited from the c:\
drive.
In a shared environment where you possibly have several hundred sites, each with their own application pool and Application Pool Identity, you would store the site folders in a folder or volume that has had the Users
group removed and the permissions set such that only Administrators and the SYSTEM account have access (with inheritance).
You would then individually assign the requisite permissions each IIS AppPool\[name]
requires on it's site root folder.
You should also ensure that any folders you create where you store potentially sensitive files or data have the Users
group removed. You should also make sure that any applications that you install don't store sensitive data in their c:\program files\[app name]
folders and that they use the user profile folders instead.
So yes, on first glance it looks like the ApplicationPoolIdentity
has more rights than it should, but it actually has no more rights than it's group membership dictates.
An ApplicationPoolIdentity
's group membership can be examined using the SysInternals Process Explorer tool. Find the worker process that is running with the Application Pool Identity you're interested in (you will have to add the User Name
column to the list of columns to display:
For example, I have a pool here named 900300
which has an Application Pool Identity of IIS APPPOOL\900300
. Right clicking on properties for the process and selecting the Security tab we see:
As we can see IIS APPPOOL\900300
is a member of the Users
group.
Best Answer
Try deleteing
applicationhost.config
or move it to a different folder, worked for me.In my case the problem was that the project was set up to start on IIS local by another developer.