Help and Support
 

powered byLive Search

PRB: Security Toolkit Breaks ASP.NET Debugging in Visual Studio .NET

View products that this article applies to.
Article ID:310588
Last Review:March 22, 2007
Revision:4.7
This article was previously published under Q310588

SYMPTOMS

When you debug ASP.NET programs in Visual Studio .NET after you install the Microsoft Security Toolkit, you receive the following error message:
Error while trying to run project: Unable to start debugging on the web server. The project is not configured to be debugged.

For ASP.NET projects, verify that you have a valid project file called 'Web.config' for the URL specified and 'debug' is set to 'true' in that file.
For ATL Server projects, verify that the 'DEBUG' verb is associated with your ISAPI extension.
Would you like to disable future attempts to debug ASP.NET pages for this project?

Back to the top

CAUSE

The Microsoft Security Toolkit locks down the server so that it only permits certain verbs to be passed through to Microsoft Internet Information Services (IIS). The verb "debug" is not added to the list of approved verbs.

Back to the top

RESOLUTION

To resolve this problem, locate the Urlscan.ini file in the WinNT\System32\Inetsrv\Urlscan folder. Under the [AllowVerbs] section of Urlscan.ini, add "debug" verbs to the list of approved verbs. Note that adding verbs to the [AllowVerbs] section of Urlscan.ini may lead to possible security compromises, you must also run "iisreset" to clear the cache.

If you do not want to allow the "debug" verb, you can manually attach to the Aspnet_wp.exe (or W3wp.exe, for applications that run on Internet Information Services [IIS] 6.0 ) process to debug in Visual Studio .NET.

Back to the top

REFERENCES

For more information about the Microsoft Security Toolkit, see the following Microsoft Web site:
Microsoft Security Tool Kit: Guides, Updates, and Tools
http://www.microsoft.com/technet/security/tools/default.mspx (http://www.microsoft.com/technet/security/tools/default.mspx)

For more information about the UrlScan Security Tool, see the following Microsoft Web site:
UrlScan Security Tool
http://technet.microsoft.com/en-us/security/cc242650.aspx (http://technet.microsoft.com/en-us/security/cc242650.aspx)

Back to the top

APPLIES TO
Microsoft ASP.NET 1.1
Microsoft Visual Studio .NET 2003 Academic Edition
Microsoft Visual Studio .NET 2003 Enterprise Architect
Microsoft Visual Studio .NET 2003 Enterprise Developer
Microsoft Visual Studio .NET 2003 Professional Edition
Microsoft ASP.NET 1.0
Microsoft Visual Studio .NET 2002 Professional Edition
Microsoft Visual Studio .NET 2002 Enterprise Architect
Microsoft Visual Studio .NET 2002 Enterprise Developer
Microsoft Visual Studio .NET 2002 Academic Edition

Back to the top

Keywords: 
kbdebug kberrmsg kbprb kbreadme kbsectools kbsecurity KB310588

Back to the top

Article Translations

 

Other Support Options

  • Need More Help?
    Contact a Support professional by Email, Online or Phone.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.