Permissions Hosting .NET Core out-of-process with files on a network drive

1

I have a new .NET Core API which is targeting full .Net framework so is being hosted out of process in IIS. This is working fine locally in Visual Studio, also good in a test environment using IIS, however deploying to production this is not working. The difference I can see is the test environment has a local drive with the API files, and production API files are set with a UNC path in IIS, the App Pool runs as a domain user that has full access to the network folder. The API fails to launch with errors which messages are shown below from the event log, including failing to write to logs stdout. However if I set the App Pool to run as a domain admin account, all is well and the API runs. I can't run as this user though of course, so my question is what permissions or trust levels am I missing here. I am new to .NET Core, so I am unsure what extra permissions may be required. Other full .NET Framework websites and services are running okay on this server with their files on this network drive.

Here are the event log messages when running the App Pool as the non-admin domain user.

Application EventLog for Source: "IIS AspNetCore Module V2" Warning: "Could not create stdoutLogFile \?\UNC\fileclstr\Websites\WebsiteName\API\logs\stdout_20191205204322_15236.log, ErrorCode = '0x800700a1'."

Application EventLog for Source: .NET Runtime Error: "Application: DistributedServices.WebsiteName.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Net.Sockets.SocketException at System.Net.Sockets.Socket..ctor(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType) at Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.SocketTransport.BindAsync() at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer+<>c__DisplayClass21_01+<<StartAsync>g__OnBind|0>d[[Microsoft.AspNetCore.Hosting.Internal.HostingApplication+Context, Microsoft.AspNetCore.Hosting, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60]].MoveNext() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task) at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder+<BindEndpointAsync>d__3.MoveNext() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task) at Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions+<BindAsync>d__43.MoveNext() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task) at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder+AddressesStrategy+<BindAsync>d__2.MoveNext() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task) at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder+<BindAsync>d__0.MoveNext() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task) at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer+<StartAsync>d__211[[Microsoft.AspNetCore.Hosting.Internal.HostingApplication+Context, Microsoft.AspNetCore.Hosting, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60]].MoveNext() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task) at Microsoft.AspNetCore.Hosting.Internal.WebHost+d__26.MoveNext() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task) at Microsoft.AspNetCore.Hosting.WebHostExtensions+d__5.MoveNext() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task) at Microsoft.AspNetCore.Hosting.WebHostExtensions+d__4.MoveNext() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task) at Microsoft.AspNetCore.Hosting.WebHostExtensions.Run(Microsoft.AspNetCore.Hosting.IWebHost) at DistributedServices.WebsiteName.Program.Main(System.String[])"

Application Eventlog for Source: "Application Error" Error: "Faulting application name: DistributedServices.WebsiteName.exe, version: 1.0.0.0, time stamp: 0xf4041a68 Faulting module name: KERNELBASE.dll, version: 10.0.14393.3321, time stamp: 0x5da7e8d8 Exception code: 0xe0434352 Fault offset: 0x000dc232 Faulting process ID: 0x2bf8 Faulting application start time: 0x01d5abaca2aaaf51 Faulting application path: \fileclstr\Websites\WebsiteName\API\DistributedServices.WebsiteName.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report ID: c68c4bdd-e46d-4628-8be3-63b1f6cc78dc Faulting package full name: Faulting package-relative application ID: "

Application EventLog Source: "IIS AspNetCore Module V2" Warning: "Application '/LM/W3SVC/1/ROOT/api' with physical root '\fileclstr\Websites\WebsiteName\API\' failed to start process with commandline '\fileclstr\Websites\WebsiteName\API\DistributedServices.WebsiteName.exe ' at stage 'PostStartCheck', ErrorCode = '0x8027025b', assigned port 38520, retryCounter '1'."

Here is the web.config:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <handlers>
      <remove name="aspNetCore" />
      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
    </handlers>
    <httpErrors errorMode="DetailedLocalOnly" existingResponse="PassThrough">
      <clear />
    </httpErrors>
    <aspNetCore processPath=".\DistributedServices.WebSiteName.exe" arguments="" stdoutLogEnabled="true" stdoutLogFile=".\logs\stdout"  />
  </system.webServer>
</configuration>

Thank you in advance for any suggestions.

Asp.net Core 2.2, kestrel out of process, IIS10, Windows Server 2016.

asp.net-core-2.2
windows-server-2016
iis-10
kestrel-http-server
asked on Stack Overflow Dec 5, 2019 by John Corker • edited Dec 5, 2019 by John Corker

1 Answer

1

This has taken many days, but I've finally got there.

The user had permissions on \\fileclstr\Websites\WebsiteName\ but this seemingly was not enough, and giving permissions to \\fileclstr\Websites\ allowed this to run in IIS out-of-process mode .NET Core targeting the full framework.

Thank you for your comments.

answered on Stack Overflow Dec 10, 2019 by John Corker

User contributions licensed under CC BY-SA 3.0