Configuration Error
Description: An error occurred during the processing of a configuration file
required to service this request. Please review the specific error details
below and modify your configuration file appropriately.
Parser Error Message: It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level.
This error can be caused by a virtual directory not being configured
as an application in IIS.
Source Error:
Line 36: ASP.NET to identify an incoming user.
Line 37: -->
Line 38: <authentication mode="Windows"/>
Line 39: <!--
Line 40: The <customErrors> section enables configuration
There are lots of references for this error on the web, but all of them repeat the same 2 suggestions, neither of which applies in my case.
Here is my scenario.
I have a Server 2003 with IIS 6. The default web site has 4 virtual directories that are all configured as separate applications. Some are Web Services, some are plain ASP.NET sites. 3 of them work just fine, one does not - from the outside (I do not get this error when I am logged on to the server and browse localhost).
All applications share the same app pool, and they all have their own web.configs. I looked at the properties in great length and I did not find a difference that would explain the error. the security settings are the same. I checked the permissions of the files and folders in both MMC and the file system. Both the app pool account (NETWORK SERVICE) and the anonymous web user have the required access rights, and they are the same across all applications. Both applications have anonymous access enabled and integrated security turned on.
Again, I only get the above error when I hit the page from outside the firewall, as the anonymous user. When I am logged on locally, the page is served just fine. Which makes me think that the problem is related to security/impersonation.
The application that does not work was built with and deployed from VS 2008 and .Net 3.5. It has things in the web.config that the other, older applications do not have. I tried to gradually remove settings from the web.config, though, until the site no longer worked at all, to no avail.
What's going on?
As it is so often the case, I had overlooked a small detail - a firewall rule that forwarded my request to a different web site on a different port. External requests actually hit another site on this server. This other site did not have an application configured for the virtual directory. Once I turned the other site off, this became apparent right away.