Re: ASP.NET Fixed Identity Impersonation

From: ADavis (ADavis_at_discussions.microsoft.com)
Date: 07/20/05


Date: Wed, 20 Jul 2005 12:31:01 -0700

We did use Filemon and it said "BAD IMPERSONATION". We interpreted that as
being the account created for the website, not the domain account created for
asp.net to run under. We called MS and added the domain account for asp.net
to the local security policy to impersonate and everything is fine. Thanks.

"Joe Kaplan (MVP - ADSI)" wrote:

> Have you considered using Filemon to figure out exactly which file or
> directory is causing the access denied? That would be a good place to
> start.
>
> My guess is that you will need to grant the required read access to the
> impersonated account, but Filemon should tell you exactly what is failing.
>
> Joe K.
>
> "ADavis" <ADavis@discussions.microsoft.com> wrote in message
> news:334A6387-584C-41DE-8D32-EDB11B4F5422@microsoft.com...
> > Also, I just wanted to add that the machine.config file is configured to
> > use impersonation as well on both servers (this is from our development
> > server):
> >
> > <identity impersonate="true" userName="domain\servername_ASPNET" password="*******!"/>
> >
> > "ADavis" wrote:
> >
> >> We have a development web server (Windows 2000 Server) and a production
> >> web server (Windows 2000 Server); both are running IIS 5.0 and have the
> >> .NET Framework 1.1. We have asp.net fixed identity impersonation running
> >> on the development server and it's fine. We moved the website to the
> >> production server and we're getting the following error:
> >>
> >> Access denied to 'D:\MCJNET\WorkOrderSystems\default.aspx', Failed to start monitoring file changes.
> >>
> >> Did a search in Google and found this article:
> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q317955
> >>
> >> We followed Method 1 - didn't work.
> >>
> >> We are reluctant to follow Method 2 because the individual web site
> >> folders are set to inherit permission from the parent.
> >>
> >> Any help will be appreciated.
> >>
> >> Sincerely,
> >>
> >> ADavis
>
>
>
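
A check for the condition that resolved this thread, added here as an example and not part of any poster's message: it parses a user-rights export (as produced by `secedit /export /areas USER_RIGHTS`) and reports whether the fixed-identity account is listed for the impersonation right. It assumes the right the poster means is "Impersonate a client after authentication" (`SeImpersonatePrivilege`); the account name `EXAMPLE\websrv_ASPNET` and the export text are constructed.

```python
import re

# Constructed sample of a user-rights export (not taken from the thread).
# The account name is hypothetical; the SIDs are the well-known
# Everyone (S-1-1-0), Administrators (S-1-5-32-544) and SERVICE (S-1-5-6).
SAMPLE_EXPORT = r"""
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeBatchLogonRight = EXAMPLE\websrv_ASPNET
SeImpersonatePrivilege = *S-1-5-32-544,*S-1-5-6
[Version]
signature="$CHICAGO$"
Revision=1
"""

def parse_privilege_rights(text):
    """Return {right_name: set(principals)} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).lower()
            continue
        if section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written with a leading '*'; names are written as-is.
            members = {p.strip().lstrip("*").lower() for p in value.split(",") if p.strip()}
            rights[name.strip()] = members
    return rights

def missing_rights(text, principals, required):
    """Required rights for which none of the given names/SIDs is listed directly."""
    rights = parse_privilege_rights(text)
    ids = {p.lower() for p in principals}
    return [r for r in required if not (rights.get(r, set()) & ids)]

# Assumption: this is the right added via the local security policy in the thread.
REQUIRED = ["SeImpersonatePrivilege"]

if __name__ == "__main__":
    gaps = missing_rights(SAMPLE_EXPORT, [r"EXAMPLE\websrv_ASPNET"], REQUIRED)
    print("missing:", gaps or "none")
```

Only direct assignments are matched, so an account that holds the right through group membership needs its group SIDs passed in `principals` as well. A real export is UTF-16, so read it with `encoding="utf-16"` before passing the text in.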


