Rediscovering the Obvious

…stumbling in the footsteps of greatness

Using IIS7 Failure Tracing

without comments

    In the process of debugging an issue with a sample web application, I was forced to learn a bit more about IIS7′s management model, and I found some very valuable information.

    The problem: the user my request was running as did not have ACL-level access to the .svc file for that web service.

    My old solution: Try random accounts before giving up and just giving access to "Everyone" for the entire web tree. (Yes, bad, but it’s a sample)

    My hope: There is a way to find out via logs, console, etc what the actual user is based on the actual failure rather than looking at all security configurations and randomly trying the referenced accounts.

    What I found:

    Open IIS manager, click at the web site level, and choose "Failed Request Tracing Rules"

    clip_image001[5]

    On the right, choose "Edit Site Tracing…"

    clip_image002

    Check "Enable", and note the location of the log files (note, there are implications on production sites. I don’t know what they are. Be warned.)

    clip_image003

    Now, click "Add…" on the right, and choose your settings:

    clip_image004

    clip_image005

    clip_image006

    When you finish, you’ll see something like this:

    clip_image007

    At this point, you can go to your logs folder and see the XML results of any errors that match your filters:

    clip_image008

    Opening one of those applies a nice transform (freb.xsl, I assume), and we have our data:

    clip_image009

    Including my answer:

    clip_image010

    And lots of other cool information:

    clip_image011

    clip_image012

    clip_image013

    And a summary view:

    clip_image014

    Including some really useful information that I would usually try to get out of Fiddler2 because of the challenge in collecting it in some configurations:

    clip_image015

    clip_image016

    clip_image017

Written by erwilleke

June 9th, 2009 at 7:11 am

Posted in Uncategorized

Leave a Reply