FIX: Access Denied Msg. Returned When You Access ASP Files

ID: Q172954

The information in this article applies to:
  • Active Server Pages, used with:
    • Microsoft Internet Information Server versions 3.0, 4.0

SYMPTOMS

When you try to load secure Active Server Pages (ASP files) on Microsoft Internet Information Server (IIS) servers with more than sixty virtual Roots, you may get the following error even if the user account has been Granted explicit rights to the file:

HTTP Error 401 Access Denied
NOTE: This only occurs if the file permissions have been changed to grant the user account rights to the file after it has been accessed at least once.


CAUSE

This problem occurs because ASP caches template files after they have been executed; therefore, they will not need to be continually recompiled. The files are cached with a copy of the full Discretionary Access Control List (DACL) as well as the file date attributes.

ASP uses the cached version of the DACL to determine if a user has sufficient privilege to execute the ASP file.

On IIS with more than sixty virtual roots, cached template files are reloaded when the files last modified date changes. Because changes in file permissions do not change a file's last modified attribute, cached versions of files are not reloaded after permission changes. Therefore, the accounts recently given rights to a cached ASP file may get access denied until the file is reloaded by a file size change, etc.

NOTE: ASP uses notification handles on IIS servers with less than sixty virtual roots. Because notification handles trigger on security changes this is not a problem for IIS servers with less than sixty virtual roots.


RESOLUTION

The Asp.dll file was modified to check for cached file reload based on the files DACL as well as the last modified date.


STATUS

Microsoft has confirmed this to be a problem in Microsoft Active Server Pages version 1.0b. A supported fix is now available, but is not fully regression-tested and should be applied only to systems experiencing this specific problem. Unless you are severely impacted by this specific problem, Microsoft recommends that you wait for the next Service Pack that contains this fix. Contact Microsoft Product Support Services for more information.

This bug was corrected in Windows 2000.


REFERENCES

For the latest Knowledge Base artices and other support information on Visual InterDev and Active Server Pages, see the following page on the Microsoft Technical Support site:

http://support.microsoft.com/support/vinterdev/

Additional query words: prodnt

Keywords : kberrmsg kbASP kbNTOS400 kbWinOS2000fix kbWebServer kbGrpASP kbiis300bug kbiis400bug kbiis500fix
Version : winnt:3.0,4.0
Platform : winnt
Issue type : kbbug


Last Reviewed: December 8, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.