I’ve described this first on my blog written in Polish so this will be a story and moral in one post – which in original was two posts.
Story ….
I had to install IdM solution I deployed some time ago in new test environment and part of deployment was to deploy ASP .NET application. Pretty simple task … install IIS –> .NET framework –> configure application pool (remember: domain account) –> Create virtual directory, configure it … run IE … /Default.aspx">https://<hostname>/Default.aspx … and get nice and shiny HTTP/404 error.
OK so double check, files are in place, home directory configured properly, permissions are OK … IE –> HTTP/404 … WTF??
Few checks later to not waste more time I asked my friend quick question on IM. And as always … he knew the answer almost right away and the answer is KB 315122. ASP .NET 2.0 even if is installed is not enabled by default, so enabling this extension in IIS configuration did the trick.
But hey .. why 404 not other HTTP error. I thought that for example 501 “Not Implemented” would be more suitable.
Moral …
So my first impression was that 404 is not very intuitive and it should be replaced with other error code. But my friend (who back in the feature had gave me few hard lessons about my knowledge of OS 😉 ) had read my post and pointed me to RFC 2616 which (oh sweet irony) I have read when I was trying to solve this issue. In this RFC one can read following description for HTTP/403 error:
(…)
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.
(…)
So it was perfectly OK according to this RFC for IIS to return 404 in this case. IN IIS7 this behavior was changed and in such case IIS actually returns 403 error code which is more intuitive for troubleshooting the cause.
So … what is a moral of this story …RTFRFC. (And that it is always good to have friends smarter than You are 🙂 ).