Article ID: 894903 - View products that this article applies to.
Consider the following scenario. You install Microsoft Windows SharePoint Services on a server. Microsoft Internet Information Services (IIS) 6.0 is configured for use with Microsoft ASP.NET 2.0 on that server. When you connect to the home page of a Windows SharePoint Services Web site, you receive the following error message:
Note that the xxxxx in ASP.NET 2.0.xxxxx.0 indicates the version of ASP.NET 2.0 that you are running.
The Windows SharePoint Services virtual server has not been configured for use with ASP.NET 2.0.xxxxx.0. For more information, please refer to Knowledge Base article 894903 at http://go.microsoft.com/fwlink/?linkid=42660.
ASP.NET 2.0 implements a new security change that helps lock down security for a virtual server in IIS 6.0. In earlier versions of ASP.NET, code runs at the trust level that is assigned to it. The trust level is determined by the code access security policy file. The Wss_minimaltrust.config file is an example of a code access security policy file that is specified in the Web.config file.
The new security change in ASP.NET 2.0 restricts the permissions of Web pages, Web parts, and controls to the intersection between the ASP.NET PermissionSet and the trust level at which the code runs. In this configuration, the ASP.NET PermissionSet is a declarative representation of a PermissionSet instance. By default, Windows SharePoint Services gives only minimal privileges to the ASP.NET PermissionSet. The security change that is implemented in ASP.NET 2.0 causes some code to run with reduced privileges. For example, code from assemblies in the global assembly cache previously ran at a full-trust level. When you configure the virtual server in IIS 6.0 to use ASP.NET 2.0, the code runs with the privileges that are assigned to the ASP.NET PermissionSet. The lockdown is incompatible with Windows SharePoint Services. Therefore, the lockdown must be disabled in the Web.config file.
ASP.NET 2.0 also includes a new capability called event validation. Event validation monitors callbacks to the ASP.NET infrastructure to make sure that the source of a callback equals the control target. Some Windows SharePoint Services pages use callbacks that are not associated with a particular control. Callbacks that are not associated with a particular control can cause page execution errors. Therefore, Windows SharePoint Services 2.0 is not compatible with the ASP.NET 2.0 event validation capability. When you configure a Windows SharePoint Services-extended Web application on a server that has ASP.NET 2.0 installed, you must turn off ASP.NET 2.0 event validation.
Use the Windows SharePoint Services Stsadm.exe command-line tool to update the settings in the Web.config file. To do this, use the following command:
stsadm -o upgrade -forceupgrade -url http://URLOftheVirtualServerThe command updates the Web.config file that is located in the root folder of the virtual server. For example, the command updates the Web.config file that is located in the Drive:\Inetpub\Wwwroot folder. The upgrade operation makes the following changes:
If you change the version of ASP.NET that the virtual server uses from ASP.NET 2.0 to ASP.NET 1.1, you must use the Stsadm.exe command-line tool to update the settings in the Web.config file. To do this, use the following command:
stsadm -o upgrade -forceupgrade -url http://URLOftheVirtualServerThe command removes the elements that were previously added to the Web.config file. That is, the following changes are made to the Web.config file:
Or, if the CustomErrors feature is enabled, you receive the following error message:
Server Error in '/' Application.
Unrecognized attribute 'processRequestInApplicationTrust'.
Line 66: <compilation batch="false" debug="false" /> Line 67: <pages enableSessionState="false" enableViewState="true" enableViewStateMac="true" validateRequest="false" /> Line 68: <trust level="WSS_Medium" originUrl="" processRequestInApplicationTrust="true"/> Line 69: <machineKey validationKey="A4CE4E781E8FCF0763F6D8309BB2394532B29E2DA9DD555F" decryptionKey="2AF183D38F95610298659AB9E30B9B1B4AC6A6D362D8D5F7" validation="SHA1" /> Line 70: </system.web> Source File: c:\inetpub\wwwroot\web.config Line: 68
For more information about the Stsadm.exe command-line tool, see the "Command-Line Operations" topic, the "Command-Line Parameters" topic, and the Command-Line-Properties" topic in the "Reference" chapter of the Microsoft Windows SharePoint Services Administrator's Guide. To obtain the Microsoft Windows SharePoint Services Administrator's Guide, visit the following Microsoft Web site:
Article ID: 894903 - Last Review: September 7, 2006 - Revision: 3.6