Web applications that run on IIS 7.5 and rely on SQL Server Express user instancing will fail to run under the default IIS 7.5 security configuration on both Windows 7 Client and Windows Server 2008 R2. Developers will encounter problems developing web applications using Visual Studio 2005 + SQL Server Express 2005, Visual Studio 2008 + SQL Server Express 2008, or Visual Studio 2010 + SQL Server Express 2008 on both Windows 7 Client and Windows Server 2008 R2.
Developers will encounter similar problems attempting to develop web application projects (WAP) or websites hosted under IIS6/IIS7/IIS7.5 that rely on SQL Server Express user instances where the WAP project structure or website folder structure exists in a user's Documents folder. This issue exists for all versions of Visual Studio regardless of the underlying operating system version. A web application that attempts to create a database or read/write to a database using SQL Server Express user instance mode can encounter any of the following errors:
An attempt to attach an auto-named database for file c:\Users\[YourUserAccountName]\Documents\Visual Studio 20XX\Projects\[YourSolutionName]\[YourProjectName]\App_Data\aspnetdb.mdf failed. A database with the same name exists, or specified file cannot be opened, or it is located on UNC share.
Failed to generate a user instance of SQL Server due to failure in retrieving the user's local application data path. Please make sure the user has a local user profile on the computer. The connection will be closed.
NOTE: A web application relies on SQL Server Express' user instance mode if either of the following is true:
For Windows Server 2008 R2 and Windows 7
The default security configuration for IIS 7.5 sets application pools to run as the "application pool identity". Running an application pool using this special identity was first introduced as an optional setting in Vista SP2 and Windows Server 2008 SP2. On Windows 7 Client and Windows Server 2008 R2 this special identity is now the default.
Web applications that are built with Visual Studio 2005, Visual Studio 2008, or Visual Studio 2010 and rely on user instancing with either SQL Server Express 2005 or SQL Server Express 2008 do not work with the new application pool identity. These products were developed and tested against application pools running with the older NETWORK SERVICE account.
For Web Application Projects and Websites Located in a User's Documents Folder Hosted in IIS
Web application projects (WAP) exist in a folder structure under a user's "Documents\Visual Studio 20XX\Projects" folder. Website projects exist in a folder structure under a user's "Documents\Visual Studio 20XX\Websites" folder. SQL Server Express user instances require file access rights to the parent folders of the website or WAP project's directory structure. Because the IIS service account (NETWORK SERVICE) does not have these rights within the Visual Studio project folder structure by default, WAP projects and websites that are located in a user's Documents folder and hosted in IIS will not be able to open SQL Server Express user instanced databases for read access.
WAPs that were originally created within a user's Documents folder, but were subsequently changed to use IIS as the web server via the Web tab of the project's properties, will encounter this file permissions problem. Websites hosted in IIS where the website directory structure is located within a user's Documents folder will also encounter the file permissions problem. This behavior occurs for WAP projects and websites hosted with any IIS version that runs as NETWORK SERVICE (IIS6, IIS7 and IIS 7.5) where the project structure exists within a user's Documents folder.
Resolution for Windows 7 and Windows Server 2008 R2
For all web applications running under IIS 7.5, regardless of their project type, carry out the following steps:
Resolution for Web Application Projects and Websites
For web application projects (WAP) and websites located in a user's Documents Folder hosted under any version of IIS running as NETWORK SERVICE, carry out the following steps:
Microsoft recommends that the workarounds described in this article only be used to unblock affected development scenarios. When deploying applications into production on any version of IIS, SQL Server Express user instances should not be used.
The configuration of application pools on IIS 7.5 production web servers should use either the new application pool identity, or custom created user accounts. Application pools on IIS 7.5 production web servers should no longer run as NETWORK SERVICE.
The workaround described for WAP projects and websites located in a user's Documents folder should be used only temporarily. From a security standpoint, it is not desirable for NETWORK SERVICE to have read access to all of the sub-folders within the Visual Studio Projects folder. The recommendation is to move IIS-hosted WAP projects and websites to a different file location that is normally accessible to an IIS service account (e.g. under c:\inetpub\wwwroot).
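The following audit script is an added example, not part of the original article or any Microsoft tooling. It lists application pools that still run as NETWORK SERVICE and finds folders under a given root where NETWORK SERVICE holds an Allow entry, so a temporary workaround can be located and removed. It assumes Windows PowerShell 3.0 or later with the IIS WebAdministration module installed; the function names and the $projectsRoot placeholder path are hypothetical.

```powershell
# Added example: audit for the two conditions the article warns about.
Import-Module WebAdministration   # installed with the IIS management tools

function Get-NetworkServicePool {
    # Application pools whose processModel identity is still NETWORK SERVICE
    # rather than ApplicationPoolIdentity or a custom account.
    Get-ChildItem IIS:\AppPools |
        Where-Object { $_.processModel.identityType -eq 'NetworkService' } |
        Select-Object Name, @{ n = 'Identity'; e = { $_.processModel.identityType } }
}

function Get-NetworkServiceAce {
    param(
        # Folder to audit, for example the Visual Studio Projects folder.
        [Parameter(Mandatory = $true)] [string] $Root
    )
    $networkService = 'S-1-5-20'   # well-known SID of NT AUTHORITY\NETWORK SERVICE
    $folders = @(Get-Item -LiteralPath $Root) +
               @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)
    foreach ($folder in $folders) {
        $acl = Get-Acl -LiteralPath $folder.FullName
        # Translate ACEs to SIDs so matching does not depend on the OS display language.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.IdentityReference.Value -eq $networkService -and
                $rule.AccessControlType -eq 'Allow') {
                [pscustomobject]@{
                    Path      = $folder.FullName
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited   # False marks where the grant was made
                }
            }
        }
    }
}

# Placeholder path: replace with the folder that holds the IIS-hosted projects.
$projectsRoot = 'C:\Path\To\Projects'

Get-NetworkServicePool | Format-Table -AutoSize
Get-NetworkServiceAce -Root $projectsRoot | Format-Table -AutoSize
```

Rows with Inherited set to False identify the folders where the grant was applied directly; those are the entries to remove once the project has been moved to a location such as c:\inetpub\wwwroot.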