Re: How do I give ASP.NET process network credentials?

From: Joseph Geretz (jgeretz@nospam.com)
Date: 10/28/02


From: "Joseph Geretz" <jgeretz@nospam.com>
Date: Mon, 28 Oct 2002 14:30:53 -0500


Hi JJ,

Thanks for pointing that out. Unfortunately it did not help.

Joe Geretz

Machine.config:
        <processModel enable="true"
                      timeout="Infinite"
                      idleTimeout="Infinite"
                      shutdownTimeout="0:00:05"
                      requestLimit="Infinite"
                      requestQueueLimit="5000"
                      restartQueueLimit="10"
                      memoryLimit="60"
                      webGarden="false"
                      cpuMask="0xffffffff"
                      userName="SYSTEM"
                      password="AutoGenerate"
                      logLevel="Errors"
                      clientConnectedCheck="0:00:05"
                      comAuthenticationLevel="Connect"
                      comImpersonationLevel="Impersonate"
                      responseRestartDeadlockInterval="00:09:00"
                      responseDeadlockInterval="00:03:00"
                      maxWorkerThreads="25"
                      maxIoThreads="25"
        />

Web.config:
        <identity impersonate="false" userName="INTERNAL\Administrator"
password="bigcheese"/>

Server Error in '/PDPortal' Application.

----------------------------------------------------------------------------

----
Configuration Error
Description: An error occurred during the processing of a configuration file
required to service this request. Please review the specific error details
below and modify your configuration file appropriately.
Parser Error Message: Could not create Windows user token from the
credentials specified in the config file. Error from the operating system 'A
required privilege is not held by the client. '
Source Error:
Line 51:             password="password of above specified account" | empty
string
Line 52:         -->
Line 53:         <identity impersonate="false"
userName="INTERNAL\Administrator" password="bigcheese"/>
Line 54:
Line 55:         <!--  APPLICATION-LEVEL TRACE LOGGING
Source File: D:\My Documents\Visual Studio
Projects\ParaDocs\PDPortal\web.config    Line: 53
----------------------------------------------------------------------------
----
Version Information: Microsoft .NET Framework Version:1.0.3705.0; ASP.NET
Version:1.0.3705.0
"JJ" <jj@nospam.com> wrote in message news:u2Kf9YqfCHA.2308@tkmsftngp12...
> You missed a part of the suggestion.  You need to have
impersonate="false",
> not true.  Then you can specify as userName= and password= and it will
have
> sufficient rights because you are running as SYSTEM as specified in
> machine.config.  SYSTEM has enough rights to impersonate.
>
>
> "Joseph Geretz" <jgeretz@nospam.com> wrote in message
> news:#Z9pXz3eCHA.1492@tkmsftngp09...
> > Hi Jay,
> >
> > I was unable to implement your suggestion. The following identity in
> > web.config
> >
> > <identity impersonate="true" userName="DOMAIN\UserID" password="PWD"/>
> >
> > results in the following error:
> >
> > Could not create Windows user token from the credentials specified in
the
> > config file. Error from the operating system 'A required privilege is
not
> > held by the client. '
> >
> > The client, in this case, would I guess be the user ASPNET since my
> > processModel settings specify 'machine'. (I tried this using SYSTEM, but
> > that had no effect.) So I'm back to the original question. How do I get
an
> > ASP.NET process to run under the identity of a domain user, rather than
as
> a
> > local user?
> >
> > Thanks,
> >
> > - Joe Geretz -
> >
> > "Jay Warmack" <jwarmack@weblandingzone.net> wrote in message
> > news:u9AGi1xeCHA.1788@tkmsftngp11...
> > > In web.config you should be able to use:
> > >
> > > <identity impersonate="false" userName="domain\localuser"
> > > password="password"/>
> > >
> > >
> > > "Joseph Geretz" <jgeretz@nospam.com> wrote in message
> > > news:uZ00wfueCHA.2128@tkmsftngp12...
> > > > I have a Source Safe database installed on my Win2K 'domain
> controller'.
> > A
> > > > Source Safe database is not a database in the traditional sense of
the
> > > word.
> > > > It is actually a file system folder structure. Source Safe
workstation
> > > users
> > > > access this 'database' via a folder share or mapped drive. The VSS
> > > database
> > > > is installed on a machine called Dimension2.
> > > >
> > > > I have written an ASP.NET process (web services) which interacts
with
> > the
> > > > VSS API in order to access the VSS database on dimension. These web
> > > services
> > > > are hosted under IIS on a member server named Dimension. I was
finding
> > > that
> > > > if I logged on locally to Dimension and ran the VSS Win32 Explorer
> > client,
> > > I
> > > > was able to successfully access the VSS database on Dimension2.
> However,
> > > the
> > > > ASP.NET code was unable to access this database.
> > > >
> > > > I changed the ASP.NET username in the processmodel section of
> > > machine.config
> > > > to SYSTEM. Still no success. So I made the following changes to the
> > > > web.config file at the root of the web service site.
> > > >
> > > > Authentication: Windows
> > > > Impersonation: true
> > > >
> > > > Now the code runs successfully, since the ASP.NET code is now
running
> > > using
> > > > my interactive session network credentials. This was a useful test
to
> > > > isolate the problem and to confirm that the problem is based on
> > > credentials
> > > > and security. However this is no solution for a production
> environment.
> > I
> > > > need to allow this to work for anonymous users coming in over the
> > Internet
> > > > without domain credentials.
> > > >
> > > > How can I set this up? Can ASPNET on Dimension be set up as a
network
> > > > account? Can a new network account be created and ASP.NET or my web
> > > services
> > > > be configured to use this special account? Or is there a different
way
> > in
> > > > which this is typically done?
> > > >
> > > > Thanks for your help.
> > > >
> > > > - Joe Geretz -
> > > >
> > > >
> > >
> > >
> >
> >
>
>


Relevant Pages

  • Re: ATI or Nvidia?
    ... I don't like too much having these proprietary drivers "tainting" my ... Usage: aticonfig... ... Parses an existing X-Server configuration file and modifies it to operate ...
    (comp.os.linux.hardware)
  • Re: Configuration data for a Windows Service
    ... The service will definitely use a configuration file for at least some of ... the pluggable objects itself is still on the table. ... If my hosting application was a standard Windows Forms ...
    (microsoft.public.dotnet.framework)
  • Re: Class Library Configuration Files
    ... If you create an EXE in .NET that is run as a windows service, ... create a config file where you place all of your configuration settings. ... where your configuration file is going to be. ... The real executable is the one on the client machine (or, more likely, Web ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Making a dynamically-linked root
    ... configuration data that you would typically store in a file. ... to be done on the client side or to the client protocol. ... remote services for particular configuration file classes, like NIS, ... different backend storage mechanisms such as databases, ...
    (freebsd-arch)
  • Re: [RFC] libcg: design and plans
    ... In general - cgroup is a very flexible subsystem that can be used in a wide variety of ways and modes and trying to create a universal simple API would more likely result in something hard to manage and work with. ... We have been working on a library for control groups which would provide ... Provide persistent configuration across reboots ... Similarly a configuration file will be ...
    (Linux-Kernel)