Microsoft KB Archive/172954

= FIX: "Access Denied" Error When You Access ASP Files =

Article ID: 172954

Article Last Modified on 5/2/2006

-

APPLIES TO

 Microsoft Active Server Pages 4.0, when used with:  Microsoft Internet Information Server 3.0

 Microsoft Internet Information Server 4.0 

-



This article was previously published under Q172954



SYMPTOMS
When you try to load secure Active Server Pages (ASP) files on Microsoft Internet Information Server (IIS) servers with more than sixty virtual Roots, you may get the following error even if the user account has been granted explicit rights to the file:

HTTP Error 401 Access Denied

NOTE: This only occurs if the file permissions have been changed to grant the user account rights to the file after it has been accessed at least once.



CAUSE
This problem occurs because ASP caches template files after they have been executed; therefore, they will not need to be continually recompiled. The files are cached with a copy of the full Discretionary Access Control List (DACL) as well as the file date attributes.

ASP uses the cached version of the DACL to determine if a user has sufficient privilege to execute the ASP file.

On IIS with more than sixty virtual roots, cached template files are reloaded when the files last modified date changes. Because changes in file permissions do not change a file's last modified attribute, cached versions of files are not reloaded after permission changes. Therefore, the accounts recently given rights to a cached ASP file may get access denied until the file is reloaded by a file size change, etc.

NOTE: ASP uses notification handles on IIS servers with less than sixty virtual roots. Because notification handles trigger on security changes this is not a problem for IIS servers with less than sixty virtual roots.



RESOLUTION
The Asp.dll file was modified to check for cached file reload based on the files DACL as well as the last modified date.

<div class="status_section">

STATUS
Microsoft has confirmed this to be a problem in Microsoft Active Server Pages version 1.0b. A supported fix is now available, but is not fully regression-tested and should be applied only to systems experiencing this specific problem. Unless you are severely impacted by this specific problem, Microsoft recommends that you wait for the next Service Pack that contains this fix. Contact Microsoft Product Support Services for more information.

This bug was corrected in Windows 2000.

<div class="references_section">