 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / Visual Studio.NET / Debugging / February 2008VS 2008, IIS and Vista debugging
Hi, is there a way to debug an IIS ASP.NET web application under Vista without to be an administrator? Following the message of VS2008, the account needs to be an administrator. Earlier there where ways to debug without admin privileges: Under Win2003, use the same user account for the AppPool Identity; under XP, modify the "processModel" in the machine config. Thanks for any help. Eric Hi Eric, While you are performing the debugging on the Asp.net application under non-Admin account what error do you get? Do you get the error of launching the IE7 to connect the server or error from attaching the server-side process? There may be some problem of launching "Protected Mode" of IE7 for Asp.net debugging under non-Admin. You can change IE's "Protected Mode" setting by double-clicking the text "Protected Mode: On" in the status bar of IE and then unchecking the "Enable Protected Mode" checkbox. Be sure not to browse any web pages while you're in this mode (or use any programs that do) and turn Protected Mode back on as soon as you're done debugging. Another approach you may try is setting the Debugging options in VS.NET to "Wait for external object to attach". After doing that, you can debug as usual by hitting F5. VS.NET will attach to the process and wait for you to browse to the page manually using a new instance of IE. If it is the server-side permission issue, you may try to add this user into the "Debug Users" group. The article below contains some useful information: http://support.microsoft.com/?id=817265 Anyway, please provide more details for us to analysis. Thanks. Best regards, Jeffrey Tan Microsoft Online Community Support ================================================== Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif ications. Note: The MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support Engineer within 1 business day is acceptable. Please note that each follow up response may take approximately 2 business days as the support professional working with you may need further investigation to reach the most efficient resolution. The offering is not appropriate for situations that require urgent, real-time or phone-based interactions or complex project analysis and dump analysis issues. Issues of this nature are best handled working with a dedicated Microsoft Support Engineer by contacting Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscriptions/support/default.aspx. ================================================== This posting is provided "AS IS" with no warranties, and confers no rights. Hi Eric, Oh, after discussing this issue with other Asp.net experts, I was told that the answer is no. This definite article should be helpful to clarify this: "Debugging IIS 7 with Visual Studio 2005 on Windows Vista" http://www.iis.net/articles/onepagearticle.ashx/IIS7/Extending-IIS7/Debuggin g-IIS7/Debugging-IIS-7-with-Visual-Studio-2005-on-Windows from the article: "The developer must also run Visual Studio 2005 using the "Run as Administrator" option." Note also the need for this fix which is applicable to Vista Home Basic and Premium editions: http://support.microsoft.com/kb/937523 Note that you need SP1 to install that fix. But you still need to be an administrator. The fix is only for the problem that is specific to Vista Home Basic and Premium editions. Hope this helps. Best regards, Jeffrey Tan Microsoft Online Community Support ================================================== Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif ications. Note: The MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support Engineer within 1 business day is acceptable. Please note that each follow up response may take approximately 2 business days as the support professional working with you may need further investigation to reach the most efficient resolution. The offering is not appropriate for situations that require urgent, real-time or phone-based interactions or complex project analysis and dump analysis issues. Issues of this nature are best handled working with a dedicated Microsoft Support Engineer by contacting Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscriptions/support/default.aspx. ================================================== This posting is provided "AS IS" with no warranties, and confers no rights. Hi Jeffrey, Thanks for answering, I'm using VS2008 and Vista Business, I don't think that I need to apply the fix (and I have Windows Authentication enabled). So you tell me, that there's no way around using admin privileges. Do you have some more explanation, why it doesn't work like in Win2003 with IIS6? Eric Hi Eric, Thanks for your feedback. I am not sure of the reason yet. I suspect it may be caused by the Session 0 isolation feature of Vista. Anyway, I will consult this issue with the VS debugger team, I hope they can provide some insight. I will post any feedback here ASAP. Thanks. Best regards, Jeffrey Tan Microsoft Online Community Support ================================================== Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif ications. Note: The MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support Engineer within 1 business day is acceptable. Please note that each follow up response may take approximately 2 business days as the support professional working with you may need further investigation to reach the most efficient resolution. The offering is not appropriate for situations that require urgent, real-time or phone-based interactions or complex project analysis and dump analysis issues. Issues of this nature are best handled working with a dedicated Microsoft Support Engineer by contacting Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscriptions/support/default.aspx. ================================================== This posting is provided "AS IS" with no warranties, and confers no rights. Hi Eric, Sorry for letting you wait. I have discussed this issue with VS debugger team and several other security experts. Actually, there are a lot of scenarios that may need Admin right: 1. You need to be an admin to debug another users process.(The ACL setting on the kernel process object will only grant to its creator account) 2. You normally need to be an admin to update IIS config, or to write to intepub 3. You need to be an admin for certain cross-session operations.(This is due to the Session 0 isolation feature in Vista) So, our recommendation: If you want to do non-admin, stick to File-system webs. It is possible to edit IIS configuration as a Non-admin but you have to do some ACL management first: http://blogs.msdn.com/jaredpar/archive/2005/02/04/367137.aspx From security perspective, there are ways to do asp.net same-box debugging as a non-admin pre-Vista(e.g., running the app pool under your own account, using the user-mode web server, etc.) but we are not recommended that. The problem with doing work that way is kind of the same situation that leads to LUA bugs: you're doing dev/test in an environment that is significantly different from that of production. In this case, you're running a web app using an interactive user account with its profile loaded, etc. The way we prefer to work is to have IIS 6.0 on a separate machine (typically a virtual machine), run Visual Studio as my usual non-admin account, but connect to the web server using an account that is admin on the web server. Either add your account to the admins group on that server, or use "runas /netonly /u:IISBOX\adminaccount devenv.exe" so that you remain you locally but authenticate as the remote admin when you connect to the web server. Hope this makes sense to you. Best regards, Jeffrey Tan Microsoft Online Community Support ================================================== Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif ications. Note: The MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support Engineer within 1 business day is acceptable. Please note that each follow up response may take approximately 2 business days as the support professional working with you may need further investigation to reach the most efficient resolution. The offering is not appropriate for situations that require urgent, real-time or phone-based interactions or complex project analysis and dump analysis issues. Issues of this nature are best handled working with a dedicated Microsoft Support Engineer by contacting Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscriptions/support/default.aspx. ================================================== This posting is provided "AS IS" with no warranties, and confers no rights. Hi Jeffrey, Thanks for your repsonse. I think, is better to use the File-System Web. I have now a case where I can't use it (old ASP.NET 1.0 legacy), there I will use it as administration. Thanks again Eric Hi Eric, Yes, this is a trade-off between security and convenience which has caused a lot of discussion after Vista came out. There is one interesting blog post talking about the security feature vs convenient written by Microsoft Vice President Jim. If you are curious, you may read it below: "Security Features vs. Convenience " http://windowsvistablog.com/blogs/windowsvista/archive/2007/01/23/security-f eatures-vs-convenience.aspx Anyway, if you need further help, please feel free to post, thanks. Best regards, Jeffrey Tan Microsoft Online Community Support ================================================== Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif ications. Note: The MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support Engineer within 1 business day is acceptable. Please note that each follow up response may take approximately 2 business days as the support professional working with you may need further investigation to reach the most efficient resolution. The offering is not appropriate for situations that require urgent, real-time or phone-based interactions or complex project analysis and dump analysis issues. Issues of this nature are best handled working with a dedicated Microsoft Support Engineer by contacting Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscriptions/support/default.aspx. ================================================== This posting is provided "AS IS" with no warranties, and confers no rights. Hi Eric, Furthermore, below is our discussion result from security side: "non-admin dream" was never meant to include operations that SHOULD require admin, like debugging services. Web app dev/debug is a legitimate admin operation (on the web server -- vista has a web server, but not intended for production use). Thanks. Best regards, Jeffrey Tan Microsoft Online Community Support ================================================== Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif ications. Note: The MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support Engineer within 1 business day is acceptable. Please note that each follow up response may take approximately 2 business days as the support professional working with you may need further investigation to reach the most efficient resolution. The offering is not appropriate for situations that require urgent, real-time or phone-based interactions or complex project analysis and dump analysis issues. Issues of this nature are best handled working with a dedicated Microsoft Support Engineer by contacting Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscriptions/support/default.aspx. ================================================== This posting is provided "AS IS" with no warranties, and confers no rights. Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.