This article was previously published under Q310588
This article has been archived. It is offered "as is" and will no longer be updated.
When you debug ASP.NET programs in Visual Studio .NET after you install the Microsoft Security Toolkit, you receive the following error message:
Error while trying to run project: Unable to start debugging on the web server. The project is not configured to be debugged.
For ASP.NET projects, verify that you have a valid project file called 'Web.config' for the URL specified and 'debug' is set to 'true' in that file. For ATL Server projects, verify that the 'DEBUG' verb is associated with your ISAPI extension. Would you like to disable future attempts to debug ASP.NET pages for this project?
The Microsoft Security Toolkit locks down the server so that it only permits certain verbs to be passed through to Microsoft Internet Information Services (IIS). The verb "debug" is not added to the list of approved verbs.
To resolve this problem, locate the Urlscan.ini file in the WinNT\System32\Inetsrv\Urlscan folder. Under the [AllowVerbs] section of Urlscan.ini, add "debug" verbs to the list of approved verbs. Note that adding verbs to the [AllowVerbs] section of Urlscan.ini may lead to possible security compromises, you must also run "iisreset" to clear the cache.
If you do not want to allow the "debug" verb, you can manually attach to the Aspnet_wp.exe (or W3wp.exe, for applications that run on Internet Information Services [IIS] 6.0 ) process to debug in Visual Studio .NET.
For more information about the Microsoft Security Toolkit, see the following Microsoft Web site: