Comments on: Using an External Config File With log4net with ASP.NET 2.0 and IIS7

By: Christian

Christian — Tue, 27 Apr 2010 21:32:09 +0000

This sounds strange… I mean it is my own code, in global.asax which has not enough rights to read my log4net.config file..? I mean, I’m not in the role of a client from the internet who is trying to access the log4net.config file. But maybe you are right and this is a absolutely volitional behaviour. However this post leads me to the right way. You made my day, thank you so much…

By: palehorse

palehorse — Tue, 27 Apr 2010 16:22:22 +0000

From what I can ascertain, IIS protects all .config files from being read by default. Only files that show up in the filter section are allowed, therefore any .config files that are not standard need to be added there. I also believe this is only an issue if the web is running in pipleline mode, but I’m not certain about that. It seems (my best guess) that it’s simply another layer of security to avoid having sensitive configuration information leaked.

By: Christian

Christian — Tue, 27 Apr 2010 15:57:35 +0000

Thanks you for this information. Instead of defining any request filter i’ve putted the config file in a separate directory. The security settings are defined, that nobody can access that directory. One thing i don’t understand: why isn’t it possible to read the config file when the name is log4net.config…? I’m realy confused about that behaviour…