2

I deploy MVC 5 application to IIS running on Windows 2012 R2 with WebDeploy 3. Everything is fine except sometimes after successful deployment I get 403 - Forbidden: Access is denied error when accessing the site from a browser. Recycling the pool fixes the issue but it's not suitable option. I expect IIS to automatically recycle the pool once WebDeploy finishes updating the files

..........
Info: Updating file (blabla\Web.config).
Info: Adding ACL's for path (blabla.com)
Info: Adding ACL's for path (blabla.com)
Total changes: 22 (0 added, 0 deleted, 22 updated, 0 parameters changed, 1314018 bytes copied)

Why? How do I troubleshoot the issue?

There are no warnings or errors in Windows Event log (Application, Security, WebDeploy or IIS). The site uses InProc session, targets .NET 4.5, the app pool has default settings (runs under ApplicationPoolIdentity). IIS authentication enables anonymous and forms modules only.

UserControl
  • 14,766
  • 20
  • 100
  • 187

3 Answers3

6

This just happened to me today... spent several hours scratching my head trying various solutions offered on SO.

I am using Visual Studio 2017 Community... and I am deploying to Windows Server 2012 R2 and also to Windows Server 2016.

The only solution that works for me is to uncheck the Precompile during publishing setting.

Uncheck precompile during publishing

Why this makes the difference is beyond me.

Rosdi Kasim
  • 24,267
  • 23
  • 130
  • 154
  • I was about to start pulling my hair :) – Ostati Apr 10 '18 at 15:30
  • Why does it happend? – Dominik S Jun 12 '19 at 09:12
  • THANK YOU SO MUCH, you have no idea how much searching I did before I found this. "Precompile during publishing" sounds like a good idea... I think this is a recent breakage somehow, I was updating an app that I made in 2017 and this option has always been checked; it never used to be a problem before. – Truisms Hounds Feb 13 '20 at 17:13
2

Have you tried to add runAllManagedModulesForAllRequests="true" on <modules> in your web.config? I've run into this problem before, and this has always solved it.

As per MVC4 HTTP Error 403.14 - Forbidden

Community
  • 1
  • 1
Tobias
  • 2,811
  • 2
  • 20
  • 31
  • Unfortunately I can't allow that setting (static content will go through .net pipeline then) but thanks for interesting link! – UserControl Apr 09 '14 at 07:07
1

It seems an issue realated to permission on hosting. Checking if your folder has network services added as role and also check for iusr Generally for my personal experience is a trouble with role and permission. If you cannot check it ask to your host provider to check role

makemoney2010
  • 1,222
  • 10
  • 11
  • MsDeploy explicitly sets NTFS permissions ("Adding ACL's for path") for ApplicationPoolIdentity (which is equivalent to NETWORKSERVICE). I have administrator access to the server so can check everything but don't know where to look at. – UserControl Apr 09 '14 at 06:03
  • I know that should be but in some case(my old server) could happen that sometimes not happend.In this case you can try this: Login via rdp, IIS, right click on domain and click edit permission.Checking which roles are enabled and which permission they are. – makemoney2010 Apr 09 '14 at 06:05
  • Thanks, will do next time the issue happens! – UserControl Apr 09 '14 at 06:32