I have some trouble with the shadow copy feature of AppDomains in combination with a ASP.NET website running under IIS. The problem is that the shadow copied files can not be read or executed by the IIS user because of insufficient permissions.
I get the following error message when the code in the new AppDomain is executed (through a callback method via DoCallBack):
System.IO.FileLoadException: Could not load file or assembly 'My.Namespace.AssemblyName, Version=0.0.3.2231, Culture=neutral, PublicKeyToken=null' or one of its dependencies. Access is denied.
Fusion log:
Assembly manager loaded from: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll Running under executable c:\windows\system32\inetsrv\w3wp.exe --- A detailed error log follows. === Pre-bind state information === LOG: User = NT AUTHORITY\NETWORK SERVICE LOG: DisplayName = My.Namespace.AssemblyName, Version=0.0.3.2231, Culture=neutral, PublicKeyToken=null (Fully-specified) LOG: Appbase = file:///C:/Inetpub/wwwroot/Web Suite/Widgets LOG: Initial PrivatePath = NULL Calling assembly : (Unknown). === LOG: This bind starts in default load context. LOG: No application configuration file found. LOG: Using host configuration file: \\?\C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.config LOG: Using machine configuration file from C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\machine.config. LOG: Policy not being applied to reference at this time (private, custom, partial, or location-based assembly bind). LOG: Attempting download of new URL file:///C:/Inetpub/wwwroot/Web Suite/Widgets/My.Namespace.AssemblyName.DLL. ERR: Failed to complete setup of assembly (hr = 0x80070005). Probing terminated.
What I have already done:
I have granted the 'C:/Inetpub/wwwroot/Web Suite/Widgets' folder read and execution permission for the user 'NETWORK SERVICE'.
When I turn off the shadow copying feature, everything goes fine.
Even on my local computer under Visual Studio 2008 it runs without any problem.
Granting all files (instead of the folder itself) in the Widgets folder read and execution permission does not solve the problem.
I thought it have to do with the permissions on the ASP.NET temporary files folder:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\web suite
This folder, all its sub folders and the files within them have read and read & execute permissions for the user 'NETWORK SERVICE'. So that's not the problem either.
To be short:
Why can't my site (running under IIS6) access the shadow copied files of the new AppDomain?
Try running aspnet_regiis with the -ga option like this:
aspnet_regiis -ga MachineName\AccountName
where MachineName\AccountName are the identity of your application pool.
The reason of the problem is CachePath default value. If an AppPool is run under network service, DefaultUser temp folder location is used (I don't know why). But Network Service doesn't have access to the folder and it's the reason of the exception. The solution is to set CachePath explicitly. For example, we can use ASP.NET AppPool cache path: