473,320 Members | 1,990 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Impersonation failure with Index Server and Forms Authentication with Active Directory

I'm posting my problem experience and solution I found here for other
ASP.NET developers.

I have a web application that uses Forms Authentication with Active
Directory to control access. In this web application, I have search
page that utilizes the Windows Indexing Service (MSIDXS provider).
For reasons I'm not aware of at this time, setting <identity
impersonation="true" /> in the web.config causes an error whenever you
try to search.

This is the error message: HttpException (0x80004005): Impersonation
failure.

The only information I was able to find was another thread in the
microsoft.public.inetserver.indexserver newsgroup titled
"Impersonation Discoveries with .NET Framework" which steered me in
the right direction. SteveC, the owner of the other thread, said he
was able to fix the search by setting the impersonation to false but
other things broke probably because of his authentication method and
not being able to read the file ACL's.

Mine solution is a little different from his, I kept the overall
application's identity impersonation set to true as was originally how
I was configured, but then set the impersonation to false only for my
search.aspx page. Here's a snippet of my web.config for you with
commented notes.

<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<!-- I added this location node -->
<location allowOverride="true" />
<!-- End location node -->

<system.web>
<authentication mode="Forms">
<forms loginUrl="logon.aspx" name="adAuthCookie" timeout="60"
path="/" >
</forms>
</authentication>

<!-- I left this impersonate alone -->
<identity impersonate="true" />

</system.web>

<!-- I added this location node -->
<location path="search.aspx">
<system.web>
<identity impersonate="false" />
</system.web>
</location>
<!-- End location node -->

</configuration>
Nov 17 '05 #1
1 3924
Hello,

Thanks very much for your post. It benefits the whole group very much.

It seems that this problem likes the one mentioned in:
"FIX: "Access Is Denied" Error Message When You Try to Access Indexing Service from ASP.NET with Impersonation
Enabled"
http://support.microsoft.com/?id=323293

The workaround is also the same.

Best regards,
Yanhong Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
!From: cr******@heery.com (techfuzz)
!Newsgroups: microsoft.public.dotnet.framework.aspnet
!Subject: Impersonation failure with Index Server and Forms Authentication with Active Directory
!Date: 8 Aug 2003 10:21:00 -0700
!Organization: http://groups.google.com/
!Lines: 55
!Message-ID: <63**************************@posting.google.com >
!NNTP-Posting-Host: 67.96.192.158
!Content-Type: text/plain; charset=ISO-8859-1
!Content-Transfer-Encoding: 8bit
!X-Trace: posting.google.com 1060363261 9983 127.0.0.1 (8 Aug 2003 17:21:01 GMT)
!X-Complaints-To: gr**********@google.com
!NNTP-Posting-Date: 8 Aug 2003 17:21:01 GMT
!Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed 00.sul.t-online.de!t-online.de!news-spur1.maxwell.syr.edu!
news.maxwell.syr.edu!sn-xit-03!sn-xit-01!sn-xit-05!sn-xit-09!supernews.com!postnews1.google.com!not-for-mail
!Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:166191
!X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
!
!I'm posting my problem experience and solution I found here for other
!ASP.NET developers.
!
!I have a web application that uses Forms Authentication with Active
!Directory to control access. In this web application, I have search
!page that utilizes the Windows Indexing Service (MSIDXS provider).
!For reasons I'm not aware of at this time, setting <identity
!impersonation="true" /> in the web.config causes an error whenever you
!try to search.
!
!This is the error message: HttpException (0x80004005): Impersonation
!failure.
!
!The only information I was able to find was another thread in the
!microsoft.public.inetserver.indexserver newsgroup titled
!"Impersonation Discoveries with .NET Framework" which steered me in
!the right direction. SteveC, the owner of the other thread, said he
!was able to fix the search by setting the impersonation to false but
!other things broke probably because of his authentication method and
!not being able to read the file ACL's.
!
!Mine solution is a little different from his, I kept the overall
!application's identity impersonation set to true as was originally how
!I was configured, but then set the impersonation to false only for my
!search.aspx page. Here's a snippet of my web.config for you with
!commented notes.
!
!<?xml version="1.0" encoding="utf-8" ?>
!<configuration>
!
!<!-- I added this location node -->
! <location allowOverride="true" />
!<!-- End location node -->
!
! <system.web>
! <authentication mode="Forms">
! <forms loginUrl="logon.aspx" name="adAuthCookie" timeout="60"
!path="/" >
! </forms>
! </authentication>
!
!<!-- I left this impersonate alone -->
! <identity impersonate="true" />
!
! </system.web>
!
!<!-- I added this location node -->
! <location path="search.aspx">
! <system.web>
! <identity impersonate="false" />
! </system.web>
! </location>
!<!-- End location node -->
!
!</configuration>
!
Nov 17 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: Andy | last post by:
I am new to .NET so not sure if this is the right process... Any help will be greatly appreciated. I am trying to eliminate the grey login box that pops up when Windows Authentication is used by...
1
by: Eric | last post by:
I trying to setup an intranet based on windows NT groups or roles. I have used windows integrated authentication with impersonation first but this include to use a user to access the database. I...
26
by: andrew_webby at hotmail | last post by:
Hi Am having a problem with an app I wrote to test patch delivery. I contact a remote PC, and get it to run a patch which is installed on a server. It works fine if I use psexec for example and...
1
by: Rocky | last post by:
I have a problem. I have a webform, which uses impersonation. My iis is set to windows integrated authentication and anonymous is disabled. My webform connects to active directory and...
3
by: Lambuz | last post by:
Hi all, I've got this terrible problem. I've two Win2000 Advanced Server (ServerA and ServerB) both part of an Active Directory. The Active Directory Server is named ServerC. On ServerA I've...
3
by: JayD | last post by:
(Not sure whether it is a general aspnet problem or a specific security problem, hence posting it in 2 groups). This will solve for us a number of problems. I have developed a website on my...
3
by: Patrick | last post by:
Hello I have the following scenario - SQL 2005 server (serversql) - Windows 2003 with IIS (serveriis) - Windows 2003 ADS (serverads) I want to connect to an intranet application using NTML...
0
by: Daniel Knöpfel | last post by:
Hello On our asp.net 2.0 website we impersonate every request to the identity of the user logged in. This works this way: 1. user logs in, providing username, password 2. user is authenticated...
0
by: Mike | last post by:
Hi all, Hopefully someone will be able to help with this issue. I have an ASP.Net application that is trying to extract frames from .avi and .wmv files to create thumbnails. The media files are...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.