IIS7 Failed to grant minimum permission requests
I had a similar problem when I rebuilt my dev machine with a clean Windows 7 install. After hunting around I discovered a solution that worked for me.
In your IIS application pool advanced settings, under "Process Model", set Load User Profile to true.
There are some other things to check like your trust level, but none of them applied to me (it was all full trust already on my dev machine). Setting the application pool to load user profile fixed it.
I've seen this error in another instance where, for example, IIS is running an application or virtual path via a UNC path (i.e. \\svr\share\folder
). Even if Load User Profile=true
I still got the PolicyException error. It was solved by running the Code Access Security Policy Tool (Caspol.exe) to add full trust to the UNC path. Since we had both 64 bit
and 32 bit
of .Net 2.x
and .Net 4.x
, I ran it in all four environments as follows:
%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\caspol.exe -pp off -m -ag 1 -url "file:////\\svr\share\folder\*" FullTrust -exclusive on
%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\caspol.exe -pp off -m -ag 1 -url "file:////\\svr\share\folder\*" FullTrust -exclusive on
%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\caspol.exe -pp off -m -ag 1 -url "file:////\\svr\share\folder\*" FullTrust -exclusive on
%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\caspol.exe -pp off -m -ag 1 -url "file:////\\svr\share\folder\*" FullTrust -exclusive on
Some notes of caution:
- For
.Net 4.x
be sure to enable the NetFx40_LegacySecurityPolicy totrue
or thecaspol.exe
commands won't work as expected. Do not add duplicate entries with
caspol.exe
for a given environment. Run the commands below to view your entries:%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\caspol.exe -a -lg
%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\caspol.exe -a -lg
%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\caspol.exe -a -lg
%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\caspol.exe -a -lg
We had a similar issue with Windows 2008 R2 where our application would work fine in 64bit mode but when switched to 32 bit mode would cease to function and throw the permission error, turns out, in IIS7 under Advanced Settings >> Process Model >> the "Identity" setting had been switched to "Application Pool Identity" by default and may need changed to "Network Service" to work in 32 bit mode.
We did that and now we are humming along smoothly. Figured this tidbit of info may be the reason that everyone points to folder permissions, because technically it is a folder permission issue. But the change was in IIS and not the security settings on the folders themselves.