Article ID: 310588 - Last Review: March 22, 2007 - Revision: 4.10

PRB: Security Toolkit Breaks ASP.NET Debugging in Visual Studio .NET

View products that this article applies to.
System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.
This article was previously published under Q310588
Expand all | Collapse all

SYMPTOMS

When you debug ASP.NET programs in Visual Studio .NET after you install the Microsoft Security Toolkit, you receive the following error message:
Error while trying to run project: Unable to start debugging on the web server. The project is not configured to be debugged.

For ASP.NET projects, verify that you have a valid project file called 'Web.config' for the URL specified and 'debug' is set to 'true' in that file.
For ATL Server projects, verify that the 'DEBUG' verb is associated with your ISAPI extension.
Would you like to disable future attempts to debug ASP.NET pages for this project?
Back to the top

CAUSE

The Microsoft Security Toolkit locks down the server so that it only permits certain verbs to be passed through to Microsoft Internet Information Services (IIS). The verb "debug" is not added to the list of approved verbs.
Back to the top

RESOLUTION

To resolve this problem, locate the Urlscan.ini file in the WinNT\System32\Inetsrv\Urlscan folder. Under the [AllowVerbs] section of Urlscan.ini, add "debug" verbs to the list of approved verbs. Note that adding verbs to the [AllowVerbs] section of Urlscan.ini may lead to possible security compromises, you must also run "iisreset" to clear the cache.

If you do not want to allow the "debug" verb, you can manually attach to the Aspnet_wp.exe (or W3wp.exe, for applications that run on Internet Information Services [IIS] 6.0 ) process to debug in Visual Studio .NET.
Back to the top

REFERENCES

For more information about the Microsoft Security Toolkit, see the following Microsoft Web site:
Microsoft Security Tool Kit: Guides, Updates, and Tools
http://technet.microsoft.com/en-us/security/cc297183.aspx (http://technet.microsoft.com/en-us/security/cc297183.aspx)

For more information about the UrlScan Security Tool, see the following Microsoft Web site:
UrlScan Security Tool
http://technet.microsoft.com/en-us/security/cc242650.aspx (http://technet.microsoft.com/en-us/security/cc242650.aspx)
Back to the top
APPLIES TO
  • Microsoft ASP.NET 1.1
  • Microsoft Visual Studio .NET 2003 Academic Edition
  • Microsoft Visual Studio .NET 2003 Enterprise Architect
  • Microsoft Visual Studio .NET 2003 Enterprise Developer
  • Microsoft Visual Studio .NET 2003 Professional Edition
  • Microsoft ASP.NET 1.0
  • Microsoft Visual Studio .NET 2002 Professional Edition
  • Microsoft Visual Studio .NET 2002 Enterprise Architect
  • Microsoft Visual Studio .NET 2002 Enterprise Developer
  • Microsoft Visual Studio .NET 2002 Academic Edition
Back to the top
Keywords: 
kbdebug kberrmsg kbprb kbreadme kbsectools kbsecurity KB310588
Back to the top