ASP.Net security after SP4 on W2k Server

Hello:

I have an app that has been running for several months, but
after installing SP4 on the Win2k server, it would no
longer run.

First I had a TemplateControl parser exception when the
server tried to compile and run the ASPX page. (Which runs
fine on my workstation).

After stripping out everything from the page except the
line linking to the code behind, I was able to run again.

However, when I try to call a function in the page (by
passing an url parameter) that uses a SQL Server database,
I get some kind of security exception:

[InvalidOperationException: Computer name could not be
obtained.]
System.Environment.get_MachineName() +155
System.Data.SqlClient.SqlConnectionString.MachineN ame() +167

System.Data.SqlClient.SqlConnectionString.WorkStat ionId() +27

System.Data.SqlClient.SqlConnectionString.CheckSet Network()
+124

System.Data.SqlClient.SqlConnectionString.Validate Parse() +683
System.Data.Common.DBConnectionString..ctor(String
connectionString, UdlSupport checkForUdl) +144
System.Data.SqlClient.SqlConnectionString..ctor(St ring
connectionString) +13

System.Data.SqlClient.SqlConnectionString.ParseStr ing(String
connectionString) +96

System.Data.SqlClient.SqlConnection.set_Connection String(String
value) +11
CIS.Data.Connection.set_ConnectionString(String Value)
CIS.Data.Connection..ctor(String connectString)
CIS.Data.Database..ctor(Object connectionstring)
webtrack.frmProTrack.DoLogin()
webtrack.frmProTrack.Page_Load(Object sender, EventArgs e)
System.Web.UI.Control.OnLoad(EventArgs e) +67
System.Web.UI.Control.LoadRecursive() +35
System.Web.UI.Page.ProcessRequestMain() +731

--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework
Version:1.1.4322.573; ASP.NET Version:1.1.4322.573

How do I change the security to make this work again? I
have the ASP.Net process impersonating a network login with
access to see the SQL Server machine, and login to SQL Server.

Thanks,
Mat

Mathew,

Does the process account (ASPNET by default) have the
SeImpersonatePrivilege (Impersontate a client after authentication) user
right? If not, you'll need to give it that right.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
jamesche@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------[color=blue]
>Content-Class: urn:content-classes:message
>From: "Mathew" <mvording@yahoo.com>
>Sender: "Mathew" <mvording@yahoo.com>
>Subject: ASP.Net security after SP4 on W2k Server
>Date: Mon, 17 Nov 2003 13:57:33 -0800
>Lines: 60
>Message-ID: <058c01c3ad55$cdfc5f40$a101280a@phx.gbl>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="iso-8859-1"
>Content-Transfer-Encoding: quoted-printable
>X-Newsreader: Microsoft CDO for Windows 2000
>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>Thread-Index: AcOtVc35V6v4yNzNTribdBdO3IBgAA==
>Newsgroups: microsoft.public.dotnet.framework.aspnet
>Path: cpmsftngxa06.phx.gbl
>Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:191531
>NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>
>Hello:
>I have an app that has been running for several months, but
>after installing SP4 on the Win2k server, it would no
>longer run.
>First I had a TemplateControl parser exception when the
>server tried to compile and run the ASPX page. (Which runs
>fine on my workstation).
>After stripping out everything from the page except the
>line linking to the code behind, I was able to run again.
>However, when I try to call a function in the page (by
>passing an url parameter) that uses a SQL Server database,
>I get some kind of security exception:
>[InvalidOperationException: Computer name could not be
>obtained.]
> System.Environment.get_MachineName() +155
> System.Data.SqlClient.SqlConnectionString.MachineN ame() +167
>
>System.Data.SqlClient.SqlConnectionString.WorkSta tionId() +27
>
>System.Data.SqlClient.SqlConnectionString.CheckSe tNetwork()
>+124
>
>System.Data.SqlClient.SqlConnectionString.Validat eParse() +683
> System.Data.Common.DBConnectionString..ctor(String
>connectionString, UdlSupport checkForUdl) +144
> System.Data.SqlClient.SqlConnectionString..ctor(St ring
>connectionString) +13
>
>System.Data.SqlClient.SqlConnectionString.ParseSt ring(String
>connectionString) +96
>
>System.Data.SqlClient.SqlConnection.set_Connectio nString(String
>value) +11
> CIS.Data.Connection.set_ConnectionString(String Value)
> CIS.Data.Connection..ctor(String connectString)
> CIS.Data.Database..ctor(Object connectionstring)
> webtrack.frmProTrack.DoLogin()
> webtrack.frmProTrack.Page_Load(Object sender, EventArgs e)
> System.Web.UI.Control.OnLoad(EventArgs e) +67
> System.Web.UI.Control.LoadRecursive() +35
> System.Web.UI.Page.ProcessRequestMain() +731
>---------------------------------------------------------------------------[/color]
-----[color=blue]
>Version Information: Microsoft .NET Framework
>Version:1.1.4322.573; ASP.NET Version:1.1.4322.573
>How do I change the security to make this work again? I
>have the ASP.Net process impersonating a network login with
>access to see the SQL Server machine, and login to SQL Server.
>Thanks,
>Mat
>[/color]

I was able to fix this by taking your advice.
In the domain controller, under the default policy, add
the desired users to the Enable Impersonatation setting.

This is probably why I wasn't able to compile before as
well.

[color=blue]
>-----Original Message-----
>Mathew,
>
>Does the process account (ASPNET by default) have the
>SeImpersonatePrivilege (Impersontate a client after[/color]
authentication) user[color=blue]
>right? If not, you'll need to give it that right.
>
>Jim Cheshire, MCSE, MCSD [MSFT]
>Developer Support
>ASP.NET
>jamesche@online.microsoft.com
>
>This post is provided as-is with no warranties and[/color]
confers no rights.[color=blue]
>
>--------------------[color=green]
>>Content-Class: urn:content-classes:message
>>From: "Mathew" <mvording@yahoo.com>
>>Sender: "Mathew" <mvording@yahoo.com>
>>Subject: ASP.Net security after SP4 on W2k Server
>>Date: Mon, 17 Nov 2003 13:57:33 -0800
>>Lines: 60
>>Message-ID: <058c01c3ad55$cdfc5f40$a101280a@phx.gbl>
>>MIME-Version: 1.0
>>Content-Type: text/plain;
>> charset="iso-8859-1"
>>Content-Transfer-Encoding: quoted-printable
>>X-Newsreader: Microsoft CDO for Windows 2000
>>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>>Thread-Index: AcOtVc35V6v4yNzNTribdBdO3IBgAA==
>>Newsgroups: microsoft.public.dotnet.framework.aspnet
>>Path: cpmsftngxa06.phx.gbl
>>Xref: cpmsftngxa06.phx.gbl[/color][/color]
microsoft.public.dotnet.framework.aspnet:191531[color=blue][color=green]
>>NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
>>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>>
>>Hello:
>>I have an app that has been running for several months,[/color][/color]
but[color=blue][color=green]
>>after installing SP4 on the Win2k server, it would no
>>longer run.
>>First I had a TemplateControl parser exception when the
>>server tried to compile and run the ASPX page. (Which[/color][/color]
runs[color=blue][color=green]
>>fine on my workstation).
>>After stripping out everything from the page except the
>>line linking to the code behind, I was able to run[/color][/color]
again.[color=blue][color=green]
>>However, when I try to call a function in the page (by
>>passing an url parameter) that uses a SQL Server[/color][/color]
database,[color=blue][color=green]
>>I get some kind of security exception:
>>[InvalidOperationException: Computer name could not be
>>obtained.]
>> System.Environment.get_MachineName() +155
>> System.Data.SqlClient.SqlConnectionString.MachineN ame[/color][/color]
() +167[color=blue][color=green]
>>
>>System.Data.SqlClient.SqlConnectionString.WorkSt ationId[/color][/color]
() +27[color=blue][color=green]
>>
>>System.Data.SqlClient.SqlConnectionString.CheckS etNetwor[/color][/color]
k()[color=blue][color=green]
>>+124
>>
>>System.Data.SqlClient.SqlConnectionString.Valida teParse[/color][/color]
() +683[color=blue][color=green]
>> System.Data.Common.DBConnectionString..ctor(String
>>connectionString, UdlSupport checkForUdl) +144
>> System.Data.SqlClient.SqlConnectionString..ctor[/color][/color]
(String[color=blue][color=green]
>>connectionString) +13
>>
>>System.Data.SqlClient.SqlConnectionString.ParseS tring[/color][/color]
(String[color=blue][color=green]
>>connectionString) +96
>>
>>System.Data.SqlClient.SqlConnection.set_Connecti onString[/color][/color]
(String[color=blue][color=green]
>>value) +11
>> CIS.Data.Connection.set_ConnectionString(String[/color][/color]
Value)[color=blue][color=green]
>> CIS.Data.Connection..ctor(String connectString)
>> CIS.Data.Database..ctor(Object connectionstring)
>> webtrack.frmProTrack.DoLogin()
>> webtrack.frmProTrack.Page_Load(Object sender,[/color][/color]
EventArgs e)[color=blue][color=green]
>> System.Web.UI.Control.OnLoad(EventArgs e) +67
>> System.Web.UI.Control.LoadRecursive() +35
>> System.Web.UI.Page.ProcessRequestMain() +731
>>--------------------------------------------------------[/color][/color]
-------------------[color=blue]
>-----[color=green]
>>Version Information: Microsoft .NET Framework
>>Version:1.1.4322.573; ASP.NET Version:1.1.4322.573
>>How do I change the security to make this work again? I
>>have the ASP.Net process impersonating a network login[/color][/color]
with[color=blue][color=green]
>>access to see the SQL Server machine, and login to SQL[/color][/color]
Server.[color=blue][color=green]
>>Thanks,
>>Mat
>>[/color]
>
>.
>[/color]

Glad to know it's fixed, Mathew.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
jamesche@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------[color=blue]
>Content-Class: urn:content-classes:message
>From: <anonymous@discussions.microsoft.com>
>Sender: <anonymous@discussions.microsoft.com>
>References: <058c01c3ad55$cdfc5f40$a101280a@phx.gbl>[/color]
<52P7f#VrDHA.1544@cpmsftngxa06.phx.gbl>[color=blue]
>Subject: RE: ASP.Net security after SP4 on W2k Server
>Date: Tue, 18 Nov 2003 13:02:47 -0800
>Lines: 116
>Message-ID: <034901c3ae17$5181ae80$a401280a@phx.gbl>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="iso-8859-1"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>Thread-Index: AcOuF1GBA2GnXGsQSj2Xmuqq1GUuHQ==
>Newsgroups: microsoft.public.dotnet.framework.aspnet
>Path: cpmsftngxa06.phx.gbl
>Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:191818
>NNTP-Posting-Host: TK2MSFTNGXA12 10.40.1.164
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>
>I was able to fix this by taking your advice.
>In the domain controller, under the default policy, add
>the desired users to the Enable Impersonatation setting.
>
>This is probably why I wasn't able to compile before as
>well.
>
>[color=green]
>>-----Original Message-----
>>Mathew,
>>
>>Does the process account (ASPNET by default) have the
>>SeImpersonatePrivilege (Impersontate a client after[/color]
>authentication) user[color=green]
>>right? If not, you'll need to give it that right.
>>
>>Jim Cheshire, MCSE, MCSD [MSFT]
>>Developer Support
>>ASP.NET
>>jamesche@online.microsoft.com
>>
>>This post is provided as-is with no warranties and[/color]
>confers no rights.[color=green]
>>
>>--------------------[color=darkred]
>>>Content-Class: urn:content-classes:message
>>>From: "Mathew" <mvording@yahoo.com>
>>>Sender: "Mathew" <mvording@yahoo.com>
>>>Subject: ASP.Net security after SP4 on W2k Server
>>>Date: Mon, 17 Nov 2003 13:57:33 -0800
>>>Lines: 60
>>>Message-ID: <058c01c3ad55$cdfc5f40$a101280a@phx.gbl>
>>>MIME-Version: 1.0
>>>Content-Type: text/plain;
>>> charset="iso-8859-1"
>>>Content-Transfer-Encoding: quoted-printable
>>>X-Newsreader: Microsoft CDO for Windows 2000
>>>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>>>Thread-Index: AcOtVc35V6v4yNzNTribdBdO3IBgAA==
>>>Newsgroups: microsoft.public.dotnet.framework.aspnet
>>>Path: cpmsftngxa06.phx.gbl
>>>Xref: cpmsftngxa06.phx.gbl[/color][/color]
>microsoft.public.dotnet.framework.aspnet:191531[color=green][color=darkred]
>>>NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
>>>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>>>
>>>Hello:
>>>I have an app that has been running for several months,[/color][/color]
>but[color=green][color=darkred]
>>>after installing SP4 on the Win2k server, it would no
>>>longer run.
>>>First I had a TemplateControl parser exception when the
>>>server tried to compile and run the ASPX page. (Which[/color][/color]
>runs[color=green][color=darkred]
>>>fine on my workstation).
>>>After stripping out everything from the page except the
>>>line linking to the code behind, I was able to run[/color][/color]
>again.[color=green][color=darkred]
>>>However, when I try to call a function in the page (by
>>>passing an url parameter) that uses a SQL Server[/color][/color]
>database,[color=green][color=darkred]
>>>I get some kind of security exception:
>>>[InvalidOperationException: Computer name could not be
>>>obtained.]
>>> System.Environment.get_MachineName() +155
>>> System.Data.SqlClient.SqlConnectionString.MachineN ame[/color][/color]
>() +167[color=green][color=darkred]
>>>
>>>System.Data.SqlClient.SqlConnectionString.WorkS tationId[/color][/color]
>() +27[color=green][color=darkred]
>>>
>>>System.Data.SqlClient.SqlConnectionString.Check SetNetwor[/color][/color]
>k()[color=green][color=darkred]
>>>+124
>>>
>>>System.Data.SqlClient.SqlConnectionString.Valid ateParse[/color][/color]
>() +683[color=green][color=darkred]
>>> System.Data.Common.DBConnectionString..ctor(String
>>>connectionString, UdlSupport checkForUdl) +144
>>> System.Data.SqlClient.SqlConnectionString..ctor[/color][/color]
>(String[color=green][color=darkred]
>>>connectionString) +13
>>>
>>>System.Data.SqlClient.SqlConnectionString.Parse String[/color][/color]
>(String[color=green][color=darkred]
>>>connectionString) +96
>>>
>>>System.Data.SqlClient.SqlConnection.set_Connect ionString[/color][/color]
>(String[color=green][color=darkred]
>>>value) +11
>>> CIS.Data.Connection.set_ConnectionString(String[/color][/color]
>Value)[color=green][color=darkred]
>>> CIS.Data.Connection..ctor(String connectString)
>>> CIS.Data.Database..ctor(Object connectionstring)
>>> webtrack.frmProTrack.DoLogin()
>>> webtrack.frmProTrack.Page_Load(Object sender,[/color][/color]
>EventArgs e)[color=green][color=darkred]
>>> System.Web.UI.Control.OnLoad(EventArgs e) +67
>>> System.Web.UI.Control.LoadRecursive() +35
>>> System.Web.UI.Page.ProcessRequestMain() +731
>>>--------------------------------------------------------[/color][/color]
>-------------------[color=green]
>>-----[color=darkred]
>>>Version Information: Microsoft .NET Framework
>>>Version:1.1.4322.573; ASP.NET Version:1.1.4322.573
>>>How do I change the security to make this work again? I
>>>have the ASP.Net process impersonating a network login[/color][/color]
>with[color=green][color=darkred]
>>>access to see the SQL Server machine, and login to SQL[/color][/color]
>Server.[color=green][color=darkred]
>>>Thanks,
>>>Mat
>>>[/color]
>>
>>.
>>[/color]
>[/color]

Based on the amount of virus spam in my spamcatcher, other people have
read or had this problem.

Here's a Microsoft support link that solved it:

BUG: IWAM Account Is Not Granted the Impersonate Privilege for ASP.NET
1.1 on a Windows 2000 Domain Controller with SP4
http://support.microsoft.com/default.aspx?kbid=824308

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

ASP.Net security after SP4 on W2k Server

re: ASP.Net security after SP4 on W2k Server

re: ASP.Net security after SP4 on W2k Server

re: ASP.Net security after SP4 on W2k Server

re: ASP.Net security after SP4 on W2k Server

Similar ASP.NET bytes

/bytes/development

/bytes/it

/bytes/about