sdk: DllNotFoundException: Unable to load DLL 'sni.dll': Access is denied.
Steps to reproduce
dotnet publish -c Production
copy files to a windows 2012 r2 iis8.5 machine with the hosting bundle installed.
λ dotnet --version
Microsoft .NET Core Shared Framework Host
Version : 1.1.0
Build : 928f77c4bc3f49d892459992fb6e1d5542cb5e86
Expected behavior
I expect the application to work when published to IIS when using a sql client like it does when run on OSX.
Actual behavior
An unhandled exception occurred while processing the request.
DllNotFoundException: Unable to load DLL 'sni.dll': Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
System.Data.SqlClient.SNINativeMethodWrapper.SNIInitialize(IntPtr pmo)
TypeInitializationException: The type initializer for 'System.Data.SqlClient.SNILoadHandle' threw an exception.
System.Data.SqlClient.TdsParser..cctor()
TypeInitializationException: The type initializer for 'System.Data.SqlClient.TdsParser' threw an exception.
System.Data.SqlClient.TdsParser..ctor(bool MARS, bool fAsynchronous)
Environment data
dotnet --info output:
$ dotnet --info
.NET Command Line Tools (1.0.0-preview2-1-003177)
Product Information:
Version: 1.0.0-preview2-1-003177
Commit SHA-1 hash: a2df9c2576
Runtime Environment:
OS Name: Mac OS X
OS Version: 10.12
OS Platform: Darwin
RID: osx.10.12-x64
About this issue
- Original URL
- State: open
- Created 7 years ago
- Comments: 21 (1 by maintainers)
Had the same issue. Fixed it by assigning full control to %USERPROFILE%.nuget. You can also try to change the app pool identity in IIS to LocalSystem.
This happen with me. Giving more permissions to the Application Pool user for me is the worst option, for God’s sake! For who don’t know, the Application Pool Identity was created to give more security to the entire server!!
https://docs.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities
All my sites run with Application Pool Identity, with “Read” only permission to IISAppPool\APPLICATIONPOOLNAME to the site’s folder.
With .NET Core i’m having this problem with some sites, that could be solved by giving ONLY the folder’s DLL the “Read and Execute” permission solve the problem. (In that case of “sni.dll”, giving “Read and Execute” to […]\runtimes\win-arm64\native should work). If you don’t want to debug to the correct way, this is, in my opinion, by far, best than giving “System” permission to the App Pool)
But it’s not how should be, in my opinion, as “Execute” permission give a security flaw as someone could inject a code in that folder and execute remotely.
Something is making the AppPoolIdentity need to execute the DLLs needed to access SQL Server.
@naveedahmed1 just give execute permission to user “IIS AppPool\NAMEOFTHEAPPLICATIONPOOL” instead of changing to LocalSystem. (When you use app pool identity, IIS “creates” an user for each application pool you have, so you can give permissions for each application pool to read/write/execute each folder, instead of all apps pools reading or writing everything in every place.
So if you have an application pool called “WebApp1”, and a site in IIS pointed to the folder “E:\Inetpub\WebApps\WebApp1” using the application pool WebApp1, you just have to create a “Read/Execute” permission to \WebApp1 folder to the following user: “IIS AppPool\WebApp1” (search for Local Computer accounts instead of a domain, you have one), isn’t searchable, just write this and should work.