80070005 Access is denied,when asp.net website with crystal report is deployed on dedicated server

Question

I have an asp.net application which is displaying the report using crystal report.The application is working properly on my local PC.I deployed this application on our dedicated server and also installed crystal report run time engine on dedicated server.when i try to press the report in order to see the report,i am getting the above error.I changed the permission of folder "C:\Windows\Temp" to full controll(by choosing property of "temp" folder,full controll permission for all users(IIS-users,network..etc)).I am not sure whether this is the right way to give full control permission to this folder(i am not that much aware about networking concepts).But i am still getting the same error.The error is:

Retrieving the COM class factory for component with CLSID {4DB2E2BB-78E6-4AEA-BEFB-FDAAB610FD1B} failed due to the following error: 80070005 Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)).

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Retrieving the COM class factory for component with CLSID {4DB2E2BB-78E6-4AEA-BEFB-FDAAB610FD1B} failed due to the following error: 80070005 Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)).

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and the configured application pool identity on IIS 7.5) that is used if the application is not impersonating. If the application is impersonating via , the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

Answer 1

I have the same problem on a client's windows server 2003 machine running IIS6. Their server is very locked-down compared to normal servers, and something in that locking-down is probably the problem. I haven't experienced this problem on dozens of other clients' servers. I haven't solved the problem yet but here are some steps from what I've learned so far...

First thing to do is double-check which Application Pool your app is running under, and then check which Identity the App Pool is using (e.g. Network Service or Application Pool Identity or...). This is important to ensure you're giving permissions to the right user. Don't go any further until you're sure about this.

Next check if you're using IIS Impersonation (probably you're not unless you know what it is). This is where the application pool is sort-of running under the identity of the user ... this would only be the case if you're using Windows Authentication and in the web.config you have <identity impersonate="true" />. If you are using Impersonation then probably you have to give end users all the necessary file and/or COM access. If not (as in my case) it should just be a matter of checking the permissions are right for your application pool's user or IIS users group.

Once you know the right identity for permissions, try these steps:

• If it's a 64-bit machine check you have Enable 32-bit applications enabled for the Application Pool (or that you have the 64-bit runtime installed)
• Check the Application Pool identity has access to the C:\Windows\Temp folder (you've mentioned you've done this but I thought I'd list it for anyone else encountering the problem).
• Check the Application Pool identity has access to the Crystal Reports folder, e.g. C:\Program Files\SAP BusinessObjects\Crystal Reports for .NET Framework 4.0\Common\SAP BusinessObjects Enterprise XI 4.0\. You can find the folder by opening regedit.exe and navigate to HKEY_CLASSES_ROOT\CLSID\{4DB2E2BB-78E6-4AEA-BEFB-FDAAB610FD1B}\InProcServer32. Get the path from the (default) value for that registry key and check the permissions on the parent folder for that path. Try giving Full Control to the folder to the right identity to see if that fixes the problem.

• I'm not sure if this is relevant, but possibly adding <startup useLegacyV2RuntimeActivationPolicy="true"> to the web.config might help ... it was suggested in this post relating to a different COM application having similar problems so worth a go? So you'd add this inside the tag within web.config:

  <startup useLegacyV2RuntimeActivationPolicy="true"> 
       <supportedRuntime version="v4.0"/> 
  </startup>
  

• Check the COM permissions on the server:

  • open Component Services from Control Panel > Administrative Tools
  • expand Component Services > Computers > My Computer then right-click > properties
  • click on the COM Security tab
  • In the Launch and Activation Permissions click on the Edit Default... button
  • Check the Launch and Activation Permissions permissions listed. If your app pool user isn't listed can try adding it with all 4 Allow permissions and retest. If that doesn't solve the problem then undo any changes.
• If none of this has solved it then I suggest downloading Process Monitor and try to determine what it's trying to do that hits an Access Denied. This is the next step for me on the problem so if I find anything out I'll update this answer.