472,993 Members | 2,473 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > using aspnet impersonation, aspnet_setreg, applicaton throws buffer overflow.

Join Bytes to post your question to a community of 472,993 software developers and data experts.

Using aspnet Impersonation, ASPNET_SETREG, applicaton throws buffer overflow.

jay
I am attempting to impersonate an account in ASPNET. I am using
aspnet_setreg to store the username and passwords. I have given the
ASPNET account permisision to read the registry values. However, the
application throws:

"Could not create Windows user token from the credentials specified in
the config file. Error from the operating system 'A required privilege
is not held by the client'."

This occurs even when the ASPNET account has TCB privileges.

When moitoring the registry with regmon I see the following:

67 3.69724321 aspnet_wp.exe:2212 OpenKey HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG SUCCESS Access:
0x20019
68 3.69729805 aspnet_wp.exe:2212 QueryValue HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG\second BUFFER
OVERFLOW
69 3.69735813 aspnet_wp.exe:2212 QueryValue HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG\second SUCCESS 01
00 00 00 D0 8C 9D DF ...
70 3.69899845 aspnet_wp.exe:2212 CloseKey HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG SUCCESS
71 3.69913554 aspnet_wp.exe:2212 OpenKey HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG SUCCESS Access:
0x20019
72 3.69917965 aspnet_wp.exe:2212 QueryValue HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG\first BUFFER
OVERFLOW
73 3.69923687 aspnet_wp.exe:2212 QueryValue HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG\first SUCCESS 01
00 00 00 D0 8C 9D DF ...
74 3.70052648 aspnet_wp.exe:2212 CloseKey HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG SUCCESS
75 3.71294332 aspnet_wp.exe:2212 OpenKey HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG SUCCESS Access:
0x20019
76 3.71299791 aspnet_wp.exe:2212 QueryValue HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG\second BUFFER
OVERFLOW
77 3.71305823 aspnet_wp.exe:2212 QueryValue HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG\second SUCCESS 01
00 00 00 D0 8C 9D DF ...
78 3.71464062 aspnet_wp.exe:2212 CloseKey HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG SUCCESS
79 3.71477723 aspnet_wp.exe:2212 OpenKey HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG SUCCESS Access:
0x20019
80 3.71482134 aspnet_wp.exe:2212 QueryValue HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG\first BUFFER
OVERFLOW
81 3.71487856 aspnet_wp.exe:2212 QueryValue HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG\first SUCCESS 01
00 00 00 D0 8C 9D DF ...
82 3.71617508 aspnet_wp.exe:2212 CloseKey HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG SUCCESS
I'm not sure what's causing the buffer overflow.

Other info: Server 2000, .NET Framework v1.1.4322

Thanks for your input. :)

-Jay

Nov 19 '05 #1
2 1903
if you are on win200, then the asp.net account needs "act as part of the os"
permission. this is the permission that allows impersonation.

--bruce (sqlworkcom)

<ja*@gloryfish.org> wrote in message
news:11*********************@g43g2000cwa.googlegro ups.com...
I am attempting to impersonate an account in ASPNET. I am using
aspnet_setreg to store the username and passwords. I have given the
ASPNET account permisision to read the registry values. However, the
application throws:

"Could not create Windows user token from the credentials specified in
the config file. Error from the operating system 'A required privilege
is not held by the client'."

This occurs even when the ASPNET account has TCB privileges.

When moitoring the registry with regmon I see the following:

67 3.69724321 aspnet_wp.exe:2212 OpenKey
HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG SUCCESS Access:
0x20019
68 3.69729805 aspnet_wp.exe:2212 QueryValue
HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG\second BUFFER
OVERFLOW
69 3.69735813 aspnet_wp.exe:2212 QueryValue
HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG\second SUCCESS 01
00 00 00 D0 8C 9D DF ...
70 3.69899845 aspnet_wp.exe:2212 CloseKey
HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG SUCCESS
71 3.69913554 aspnet_wp.exe:2212 OpenKey
HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG SUCCESS Access:
0x20019
72 3.69917965 aspnet_wp.exe:2212 QueryValue
HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG\first BUFFER
OVERFLOW
73 3.69923687 aspnet_wp.exe:2212 QueryValue
HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG\first SUCCESS 01
00 00 00 D0 8C 9D DF ...
74 3.70052648 aspnet_wp.exe:2212 CloseKey
HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG SUCCESS
75 3.71294332 aspnet_wp.exe:2212 OpenKey
HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG SUCCESS Access:
0x20019
76 3.71299791 aspnet_wp.exe:2212 QueryValue
HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG\second BUFFER
OVERFLOW
77 3.71305823 aspnet_wp.exe:2212 QueryValue
HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG\second SUCCESS 01
00 00 00 D0 8C 9D DF ...
78 3.71464062 aspnet_wp.exe:2212 CloseKey
HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG SUCCESS
79 3.71477723 aspnet_wp.exe:2212 OpenKey
HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG SUCCESS Access:
0x20019
80 3.71482134 aspnet_wp.exe:2212 QueryValue
HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG\first BUFFER
OVERFLOW
81 3.71487856 aspnet_wp.exe:2212 QueryValue
HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG\first SUCCESS 01
00 00 00 D0 8C 9D DF ...
82 3.71617508 aspnet_wp.exe:2212 CloseKey
HKLM\SOFTWARE\FortyTwo\Extra\ASPNET_SETREG SUCCESS
I'm not sure what's causing the buffer overflow.

Other info: Server 2000, .NET Framework v1.1.4322

Thanks for your input. :)

-Jay

Nov 19 '05 #2
That's what I said. I get this error and the buffer overflow even when
the ASPNET account has TCB (Trusted Computing Base, "Act as part
of...") privileges.

Nov 19 '05 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
Invalid characters when using aspnet_setreg
by: RichW | last post by:
We are having some problems with invalid characters in passwords when using aspnet_setreg. Aspnet_setreg seems to generate the registry keys successfully, but then the asp.net application using...
.NET Framework
9
Error 1307: Adding File Permissions to NTFS using System.Management Object in ASP.NET
by: Ben Dewey | last post by:
Project: ---------------------------- I am creating a HTTPS File Transfer App using ASP.NET and C#. I am utilizing ActiveDirectory and windows security to manage the permissions. Why reinvent...
C# / C Sharp
6
Using integrated security
by: Marina | last post by:
Hi, I would like to give the ASPNET process that is running on my machine permission to connect to a sql server database that is on another machine. When I try to do this it says: 'Windows NT user...
ASP.NET
3
ASPNET account and Domain Controller
by: Richard Chandler | last post by:
We're having a problem with ASP.NET security and running on a Win2k Domain Controller. We can't set up the access rights to the registry for ASPNET as the user doesn't exist, this access is...
ASP.NET
1
Unable to create new users using Directory services in Windows 200
by: Sivaraman.S | last post by:
I am unable to create new users using directory services in Windows 2003 server. But it is possible to create users with ASP.NET applications in windows 2000. I am getting "Permission Denied"...
ASP.NET
6
Using impersonation to allow writing to server directory?
by: darrel | last post by:
I'm struggling with an odd permissions problem I have with one of my functions. It takes a file, writes a directory, and then uploads some files to it. This works. Once. Any subsequent attempt and...
ASP.NET
0
ASPNET write problem PROVENTIA CAUSED
by: =?Utf-8?B?U2FuZHBvaW50R3V5?= | last post by:
(reference the post yesterday with the same first few words in subject) Peter was right, *something* had changed. An update had pushed a patch to the desktops for Proventia (was Blackice?) that is...
ASP.NET
7
Missing Web log Entry's for file downloads using ashx
by: =?Utf-8?B?QU9UWCBTYW4gQW50b25pbw==?= | last post by:
Hi, I have been using the code (some of it has been removed for simplicity) below to allow authenticated (using ASP.NET membership database) users to get a file from their archive area. It...
ASP.NET
13
Cannot jump to new part of Silverlight video when using handler
by: =?Utf-8?B?Um9nZXIgTWFydGlu?= | last post by:
This is a follow-up to my post "Silverlight video doesn't work when file is streamed from handler in ASP.net" at...
ASP.NET
0
React to native button blinking effect
by: lllomh | last post by:
Define the method first this.state = { buttonBackgroundColor: 'green', isBlinking: false, // A new status is added to identify whether the button is blinking or not } autoStart=()=>{
Software Development
2
isladogs
Access Europe meeting on Wed 4 Oct - The future of Access
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 4 Oct 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM) The start time is equivalent to 19:00 (7PM) in Central...
Microsoft Access / VBA
0
tracyyun
Can faster file sharing be achieved by connecting computers simultaneously via WiFi and LAN cables
by: tracyyun | last post by:
Hello everyone, I have a question and would like some advice on network connectivity. I have one computer connected to my router via WiFi, but I have two other computers that I want to be able to...
Networking - Hardware / Configuration
2
Energy Model code modification to account for year dependent interest rate
by: giovanniandrean | last post by:
The energy model is structured as follows and uses excel sheets to give input data: 1-Utility.py contains all the functions needed to calculate the variables and other minor things (mentions...
Python
4
NeoPa
Send Current Object to PDF
by: NeoPa | last post by:
Hello everyone. I find myself stuck trying to find the VBA way to get Access to create a PDF of the currently-selected (and open) object (Form or Report). I know it can be done by selecting :...
Microsoft Access / VBA
1
Report value list
by: Teri B | last post by:
Hi, I have created a sub-form Roles. In my course form the user selects the roles assigned to the course. 0ne-to-many. One course many roles. Then I created a report based on the Course form and...
Microsoft Access / VBA
3
Finding a record, and then saving a new record after the record has been amended.
by: nia12 | last post by:
Hi there, I am very new to Access so apologies if any of this is obvious/not clear. I am creating a data collection tool for health care employees to complete. It consists of a number of...
Microsoft Access / VBA
4
Take a Database to the Next Level
by: GKJR | last post by:
Does anyone have a recommendation to build a standalone application to replace an Access database? I have my bookkeeping software I developed in Access that I would like to make available to other...
Microsoft Access / VBA
3
SueHopson
Applying ComboBox filters Sequentially
by: SueHopson | last post by:
Hi All, I'm trying to create a single code (run off a button that calls the Private Sub) for our parts list report that will allow the user to filter by either/both PartVendor and PartType. On...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2023
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!