Microsoft KB Archive/315904

= BUG: &quot;ExternalException: Cannot Execute a Program&quot; Error Message When You Call WebServices from .aspx Page =

Article ID: 315904

Article Last Modified on 3/29/2007

-

APPLIES TO


 * Microsoft ASP.NET 1.0
 * Microsoft Web Services Enhancements for Microsoft .NET 2.0
 * Microsoft Web Services Enhancements for Microsoft .NET 1.1

-



This article was previously published under Q315904



SYMPTOMS
If you use Simple Object Access Protocol (SOAP) to call the WebServices method from an .aspx page, the .aspx page may fail when you run the Microsoft Internet Information Services (IIS) Lockdown tool. In addition, you may receive the following error message:

[ExternalException (0x5): Cannot execute a program. The command being executed was &quot;d:\winnt\microsoft.net\framework\v1.0.3408\csc.exe&quot; /noconfig @&quot;D:\WINNT\TEMP\eyrpuhyg.cmdline&quot;.]

This problem only affects Web applications or Web services that are clients of a Web service and that impersonate the Anonymous user account.



CAUSE
The IIS Lockdown tool denies execution access for the IUSR_ and the IWAM_  accounts to every executable file (*.exe) in the Windows directory (%windir%). This includes framework tools such as the Csc.exe file, which the XmlSerializer class uses. When a Web application or a Web service impersonates IUSR_ or IWAM_, the Web application or the Web service cannot use XmlSerializer to serialize objects into Extensible Markup Language (XML) documents.

Note This problem does not affect the server side of a Web service because XmlSerializer is generated and compiled outside of the impersonation.



RESOLUTION
To resolve this problem, use one of the following methods:
 * Use a different, non-Anonymous account to impersonate. (This is the recommended method.)
 * Add sufficient permission for the executable files in the Windows directory.



STATUS
Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.



Steps to Reproduce the Behavior
 Allow Anonymous access on the IIS application.  Enable impersonation for the Web application in the local Web.config file as follows:     Run the IIS Lockdown tool, or deny access to the IUSR_ or the IWAM_  account on the Csc.exe file before you request the page.</ol>

<div class="references_section">