IIS 6 – Providing UNC drives full trust in .NET

I still work with servers running IIS 6 for development sites. Most of these sites get migrated to shared hosts later, but for development, we just run them on a couple dev servers. The files for these sites sit on another server in the network with a shared drive. This allows a central point for file location and makes backup easier.

From time to time I’ve had to put a new IIS 6 server on-line or move the location of the shared files. Almost ALWAYS I end up stuck with sites not working even though I’ve allowed full trust. So what happens?

When configuring a website in IIS, it gives you the option of where the site files will be located. They can be on the local server or via a UNC shared drive. If you just have HTML files, using a shared drive normally doesn’t have a problem. When you run .NET you’ll probably see something like

“The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application’s trust level in the configuration file.”

If you search around online, you’ll find the fix is fairly easy. Open a DOS box, navigate to Drive:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ and run the following

caspol.exe -m -ag 1 -url “file:////\\server-name\share-dir-name\*” FullTrust -exclusive on

Then restart IIS.

But here is something most searches fail to mention – If this is a 64 bit OS, you will probably need to do this for 64 bit framework as well. (This is what always gets me).

Go back to your DOS box and go into Drive:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\

Then run the caspol command again.