SLAM.Config Access Denied

Nov 9, 2009 at 8:04 PM

I receive the following message when accessing the SLAM Control Panel.  My way around this is to specifically grant my user account access to that folder via the properties-security tab on the server itself.  My account is already assigned as a collection administrator and does not have any other security related issues that I am aware of.  Is this normal behavior?  Is there some other issue at work here?  Here's the message I receive:

Welcome to the SLAM Control Panel!

SLAM has encountered the following error:

System.UnauthorizedAccessException: Access to the path 'C:\inetpub\wwwroot\wss\VirtualDirectories\8080\slam.config' is denied. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings) at System.Xml.Linq.XDocument.Load(String uri, LoadOptions options) at System.Xml.Linq.XDocument.Load(String uri) at AWS.SLAM.Configuration.XmlConfigurationManager..ctor() at AWS.SLAM.StructureMap.SLAMRegistry.configure() at StructureMap.Configuration.DSL.Registry..ctor() at AWS.SLAM.StructureMap.ComponentFactory.Initialize() at AWS.SLAM.StructureMap.ComponentFactory.ResetContainer() at AWS.SLAM.ComponentService.ClearInstances() at AWS.SLAM.Administration.SLAMControlPanel.Page_Load(Object sender, EventArgs e)

Thanks

Developer
Nov 9, 2009 at 8:25 PM

Being a site collection administrator is a setting in the SharePoint database, it has nothing to do with the filesystem.  The error you are getting is because the account that sharepoint is running under doesn't have access to read the file.  If you say that granting your own user account access to the file solves the problem, I can only guess that you have configured the sharepoint appool to run under your user account.

Allan

Nov 9, 2009 at 9:31 PM

The apppool is running under the networkservice identity but the site is using windows authentication (and also asp.net auth).  That's most likely why when I specifically grant access to the folder the error goes away.  However, since everything else in sharepoint seems to work fine, shouldn't I be able to read the slam.config file without having to alter permissions on that folder?  Would you advise running the apppool or website under something other than the NetworkService account, not that I'm looking for sharepoint best practices here. 

I went and modified the website's authentication settings, disabling asp.net authentication and leaving only windows authentication enabled.   Now it seems to work as expected.  I just don't know yet if disabling asp.net authentication will break anything else.  I assume it was enabled by default when sharepoint was installed.

Matt