License Access

License Access

Behavior: The following exception occurs after installation: Access to the path 'c:\inetpub\wwwroot\<your site>\data\license.xml' is denied. 

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.UnauthorizedAccessException: Access to the path 'c:\inetpub\wwwroot\<your site>\data\license.xml' is denied.

Issue: The account used to run Sitecore (Application Pool Identity (recommended) or Network Service) does not have read access to the license.xml file

Solution: Access denied messages can usually be resolved by reviewing and adjusting the NTFS permissions on the file system for Sitecore folders. The Sitecore installation requires that Modify permissions be assigned to the Application Pool Identity or Network Service account for the Sitecore folder hierarchy, depending on which account is configured for the Application Pool. Sitecore installations sometimes require the developer or admin to manually set permissions when the Application Pool Identity or Network Services does not have Modify permissions to the root of the /website and /data folders, or when the Application Pool is assigned to the Application Pool Identity 
but the permissions are assigned to the Network Service account.

It is recommended that you do not force permissions for Modify to the Application Pool Identity or Network Service account for all folders under the Sitecore installation root by using the Advanced option to reset all folder permissions in the hierarchy because this will remove permissions for other required SQL accounts, such as sa, to the database folders and could cause access issues related to the Sitecore databases.

Perform the following steps to correct the access denied message...

  1. Use the Application Pools node in IIS to check whether the Application Pool Identity or Network Service account is assigned to the Application Pool for your Sitecore site
  2. Use the Windows Explorer Security tab to verify that the appropriate account from Step 1 has modify permissions to the /website and /data folders under the Sitecore installation root
    • Type "iis apppool\<Name of AppPool>" as the account name to assign permissions to the Application Pool Identity
    • This will assign permissions to a separate virtual account for each site folder hierarchy when that site has a unique application pool, instead of using the shared (less secure) Network Service account
    • The is a recommended security best practice 
  3. Add the appropriate account as needed and assign modify or increase the existing Read permissions to Modify for this account to the /website and /data folders
  4. Check to see if the access denied error is resolved
  5. If the access denied message persists, review the Sitecore folder hierarchy and look for folders where the appropriate account does not have Modify permissions and fix it at that folder level. (Note: Do not just force a reset of all subfolders from the root of the Sitecore installation to avoid interfering with the sa permissions to the database folders).