PRB: Security Toolkit Breaks ASP.NET Debugging in Visual Studio .NET (310588)


The information in this article applies to:

  • Microsoft ASP.NET (included with the .NET Framework 1.1)
  • Microsoft Visual Studio .NET (2003), Academic Edition
  • Microsoft Visual Studio .NET (2003), Enterprise Architect Edition
  • Microsoft Visual Studio .NET (2003), Enterprise Developer Edition
  • Microsoft Visual Studio .NET (2003), Professional Edition
  • Microsoft ASP.NET (included with the .NET Framework) 1.0
  • Microsoft Visual Studio .NET (2002), Professional Edition
  • Microsoft Visual Studio .NET (2002), Enterprise Architect Edition
  • Microsoft Visual Studio .NET (2002), Enterprise Developer Edition
  • Microsoft Visual Studio .NET (2002), Academic Edition
This article was previously published under Q310588

SYMPTOMS

When you debug ASP.NET programs in Visual Studio .NET after you install the Microsoft Security Toolkit, you receive the following error message:
Error while trying to run project: Unable to start debugging on the web server. The project is not configured to be debugged.

For ASP.NET projects, verify that you have a valid project file called 'Web.config' for the URL specified and 'debug' is set to 'true' in that file.
For ATL Server projects, verify that the 'DEBUG' verb is associated with your ISAPI extension.
Would you like to disable future attempts to debug ASP.NET pages for this project?

CAUSE

The Microsoft Security Toolkit locks down the server so that it only permits certain verbs to be passed through to Microsoft Internet Information Services (IIS). The verb "debug" is not added to the list of approved verbs.

RESOLUTION

To resolve this problem, locate the Urlscan.ini file in the WinNT\System32\Inetsrv\Urlscan folder. Under the [AllowVerbs] section of Urlscan.ini, add "debug" verbs to the list of approved verbs. Note that adding verbs to the [AllowVerbs] section of Urlscan.ini may lead to possible security compromises, you must also run "iisreset" to clear the cache.

If you do not want to allow the "debug" verb, you can manually attach to the Aspnet_wp.exe (or W3wp.exe, for applications that run on Internet Information Services [IIS] 6.0 ) process to debug in Visual Studio .NET.

REFERENCES

For more information about the Microsoft Security Toolkit, see the following Microsoft Web site:

Microsoft Security Tool Kit: Guides, Updates, and Tools
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/stkintro.mspx


For more information about the UrlScan Security Tool, see the following Microsoft Web site:

UrlScan Security Tool
http://www.microsoft.com/technet/security/tools/urlscan.mspx

Modification Type:MinorLast Reviewed:7/8/2005
Keywords:kbDebug kberrmsg kbprb kbreadme KbSECTools kbSecurity KB310588 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.