Impersonate Identity

I was given the task of moving a website from one server to another.
The author of this is no longer with our company. The site was written
in C#, which I am not familiar with, but I can read it enough to get an
idea of what is supposed to be going on. But, in the webconfig file,
there is a line:

<identity impersonate="true" userName="DOMAIN\XXX" password="XXX"/>

Quite frankly, I have no idea what it is used for or why it is there.
After publishing the site to the new server, I got an error message for
that line:

Parser Error Message: Could not create Windows user token from the
credentials specified in the config file. Error from the operating
system 'A required privilege is not held by the client. '

I've looked at the old server to try to figure out what is different
from the new server, and I really don't know what I should be looking
for.

Could someone please take the time to explain what the purpose of
impersonating is? What needs to be set up on a server to make it work?

Thanks,
Jennifer

Apr 11 '06 #1
Hi Jennifer,

This means that the entire application will run as the user DOMAIN\XXX,
regardless of the identity of the request. Maybe your new server is in
a different domain and the user doesn't exist, or perhaps it has a
different password?

HTH,

Chris

Apr 11 '06 #2
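
An added example, not part of any post in this thread: a small audit that reads a web.config, finds each <identity> element (including ones scoped by <location>), and reports which identity requests run under and whether a fixed account's password sits in the file in cleartext. The sample config is constructed around the line quoted in the question; the `reports` location and the function names are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the first <identity> is the line from the question,
# the <location> block is a hypothetical addition for illustration.
SAMPLE_WEB_CONFIG = r"""<?xml version="1.0"?>
<configuration>
  <system.web>
    <identity impersonate="true" userName="DOMAIN\XXX" password="XXX"/>
  </system.web>
  <location path="reports">
    <system.web>
      <identity impersonate="true"/>
    </system.web>
  </location>
</configuration>"""


def classify_identity(elem):
    """Return (mode, finding) for one <identity> element."""
    impersonate = elem.get("impersonate", "false").lower() == "true"
    user = elem.get("userName", "")
    password = elem.get("password", "")
    if not impersonate:
        return "process-identity", None   # runs as the worker process account
    if not user:
        return "caller-identity", None    # runs as the token IIS passes in
    # "registry:" references (the form written by Microsoft's aspnet_setreg
    # tool) keep the secret out of the config file itself.
    if user.lower().startswith("registry:") and password.lower().startswith("registry:"):
        return "fixed-account", None
    return "fixed-account", "cleartext credentials for %s in web.config" % user


def audit_web_config(xml_text):
    """List (path, mode, finding) for every <identity> in the config."""
    root = ET.fromstring(xml_text)
    scopes = [("/", root)]
    scopes += [(loc.get("path", "/"), loc) for loc in root.iter("location")]
    results = []
    for path, node in scopes:
        for child in node:
            if child.tag != "system.web":
                continue
            for ident in child:
                if ident.tag == "identity":
                    results.append((path,) + classify_identity(ident))
    return results


if __name__ == "__main__":
    for path, mode, finding in audit_web_config(SAMPLE_WEB_CONFIG):
        print(path, mode, finding or "ok")
```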
Thanks for replying. At least now I know what that line of code is
for. :) But... the server is on the same domain. The user exists in
Active Directory and the password is the same - this still works on the
old server. Is there some IIS setting (or other kind of setting) that
needs to be in place for this to work?

Thanks again,
Jennifer

Apr 11 '06 #3
Try removing it?

"Jennifer" <J.**********@gmail.com> wrote in message
news:11*********************@i39g2000cwa.googlegro ups.com...
Thanks for replying. At least now I know what that line of code is
for. :) But... the server is on the same domain. The user exists in
Active Directory and the password is the same - this still works on the
old server. Is there some IIS setting (or other kind of setting) that
needs to be in place for this to work?

Thanks again,
Jennifer

Apr 11 '06 #4
Actually, I did try that. I didn't get the error message any more, but
none of the links worked after that. :)

Apr 11 '06 #5
Did you get an error?

Access Denied perhaps?
"Jennifer" <J.**********@gmail.com> wrote in message
news:11*********************@z34g2000cwc.googlegro ups.com...
Actually, I did try that. I didn't get the error message any more, but
none of the links worked after that. :)

Apr 11 '06 #6
There wasn't an error per se...I just got redirected to a new page,
with this message:

The page you are looking for cannot be displayed because the page
address is incorrect.

I've also granted the user the ability to create tokens and I also
added the user to the "Impersonate a client after authentication"
setting, and this did not work either. Neither one of these are set up
on the old server anyway.

I'm not really sure what else to try. I know there's got to be
something set up on the old server that is not on the new server, but
darned if I know what it is.

Apr 11 '06 #7
You can change the user context also, via the IIS Admin tool. Change the
Anonymous user to the domain user you need.

Jeff

"Jeff Dillon" <je********@hotmail.com> wrote in message
news:uH**************@TK2MSFTNGP04.phx.gbl...
Did you get an error?

Access Denied perhaps?
"Jennifer" <J.**********@gmail.com> wrote in message
news:11*********************@z34g2000cwc.googlegro ups.com...
Actually, I did try that. I didn't get the error message any more, but
none of the links worked after that. :)


Apr 11 '06 #8
Well...under the Default WebSite Properties on the Authentication
Methods tab, anonymous access is unchecked on the old server. If it
was checked, then the button to edit the anonymous user would be
enabled.  I don't think that anonymous use should be enabled anyway -
it's a web site for the local intranet - no one other than a few
employees here will be accessing it. Any other ideas? (And thank you
for the suggestions so far, even if they didn't pan out!)

Jennifer

Apr 11 '06 #9
What is the URL that it is TRYING to access? Perhaps the server name was
hard-coded in the redirecting URL? Bad bad

You have 2 separate issues going on. The "page address is incorrect" most
likely doesn't have anything to do with the web.config issue.

Jeff
"Jennifer" <J.**********@gmail.com> wrote in message
news:11********************@i40g2000cwc.googlegrou ps.com...
There wasn't an error per se...I just got redirected to a new page,
with this message:

The page you are looking for cannot be displayed because the page
address is incorrect.

I've also granted the user the ability to create tokens and I also
added the user to the "Impersonate a client after authentication"
setting, and this did not work either. Neither one of these are set up
on the old server anyway.

I'm not really sure what else to try. I know there's got to be
something set up on the old server that is not on the new server, but
darned if I know what it is.

Apr 11 '06 #10
No, nothing is hard-coded. The page names are saved in a database.
How the site works is this - the default page has a navigation bar.
The page names are loaded into a combo box on the navigation bar when
the default page opens up. The URL is created on the fly by getting
the server name and combining it with the page name when the name is
selected from the combo box. I can tell you the URL, but it's on the
local intranet here, so you couldn't see it anyway.

With respect, while there may possibly be 2 different issues, it is the
one with impersonation that I'd want to fix. I think that with that
fixed, the problem with the page address being incorrect may go away.
I think it would be fix the first, then both are fixed. Of course, I
could tell everyone to just use the old server where it all works
anyway.  :)  But that probably won't fly.

Apr 11 '06 #11
if you are on iis 6.0, remove the line, and set the identity in the app
pool. in order to impersonate, the asp.net account (or the app pool account),
must be given "act as part of os" permission. this permission is the one
that allows impersonation.

-- bruce (sqlwork.com)

"Jennifer" <J.**********@gmail.com> wrote in message
news:11********************@i40g2000cwc.googlegrou ps.com...
There wasn't an error per se...I just got redirected to a new page,
with this message:

The page you are looking for cannot be displayed because the page
address is incorrect.

I've also granted the user the ability to create tokens and I also
added the user to the "Impersonate a client after authentication"
setting, and this did not work either. Neither one of these are set up
on the old server anyway.

I'm not really sure what else to try. I know there's got to be
something set up on the old server that is not on the new server, but
darned if I know what it is.

Apr 11 '06 #12
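
An added example, not part of any post in this thread: the error is a missing privilege and the open question is what differs between the two servers, so one way to find out is to export the user-rights assignments on each with `secedit /export /cfg <file> /areas USER_RIGHTS` and diff the three privileges mentioned so far. The two exports embedded below are constructed samples, and the function names are this example's own.

```python
# Privileges named in this thread, keyed by the constants used in secedit exports.
WATCHED = {
    "SeTcbPrivilege": "Act as part of the operating system",
    "SeCreateTokenPrivilege": "Create a token object",
    "SeImpersonatePrivilege": "Impersonate a client after authentication",
}

# Constructed sample exports (not taken from the poster's servers).
OLD_SERVER_INF = r"""[Unicode]
Unicode=yes
[Privilege Rights]
SeTcbPrivilege = *S-1-5-18,ASPNET
SeImpersonatePrivilege = *S-1-5-32-544,*S-1-5-6
[Version]
signature="$CHICAGO$"
"""

NEW_SERVER_INF = r"""[Privilege Rights]
SeTcbPrivilege = *S-1-5-18
SeCreateTokenPrivilege = DOMAIN\XXX
SeImpersonatePrivilege = *S-1-5-32-544,*S-1-5-6,*S-1-5-20,DOMAIN\XXX
"""


def parse_privilege_rights(inf_text):
    """Map privilege constant -> set of holders from a secedit INF export."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "privilege rights" or "=" not in line:
            continue
        name, _, holders = line.partition("=")
        # SIDs are exported with a leading '*'; account names compare case-insensitively.
        rights[name.strip()] = {
            h.strip().lstrip("*").lower() for h in holders.split(",") if h.strip()
        }
    return rights


def diff_watched_rights(old_inf, new_inf):
    """Report holders present on only one server, for the watched privileges."""
    old, new = parse_privilege_rights(old_inf), parse_privilege_rights(new_inf)
    report = {}
    for priv in WATCHED:
        before, after = old.get(priv, set()), new.get(priv, set())
        if before != after:
            report[priv] = {"only_old": sorted(before - after),
                            "only_new": sorted(after - before)}
    return report
```

A real export is normally written as UTF-16, so open it with `encoding="utf-16"` before passing the text in.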
No, you didn't answer my question. WHAT is the URL that it is TRYING to go
to? Is it correct? Can you manually type that same address into your
browser?

Also, show the connection string that you are using to connect to your
database. It could be that since you don't have impersonation working, that
you can't connect to your database. In that case, you could have saved us
both some time by answering my question the first time.

And WHY do you want to fix impersonation? You said yourself you don't even
know why it's there?? The only reason I can see, is that it is the context
used to connect to the database. But then, you could just put a valid SQL
username and password in the connection string, and not use SQL/NT
Integrated Security.

So before replying, please answer these questions.

Jeff

"Jennifer" <J.**********@gmail.com> wrote in message
news:11**********************@u72g2000cwu.googlegr oups.com...
No, nothing is hard-coded. The page names are saved in a database.
How the site works is this - the default page has a navigation bar.
The page names are loaded into a combo box on the navigation bar when
the default page opens up. The URL is created on the fly by getting
the server name and combining it with the page name when the name is
selected from the combo box. I can tell you the URL, but it's on the
local intranet here, so you couldn't see it anyway.

With respect, while there may possibly be 2 different issues, it is the
one with impersonation that I'd want to fix. I think that with that
fixed, the problem with the page address being incorrect may go away.
I think it would be fix the first, then both are fixed. Of course, I
could tell everyone to just use the old server where it all works
anyway.  :)  But that probably won't fly.

Apr 11 '06 #13
Apologies for not answering correctly...

I'm not sure how to answer your URL question. And I only say that
because the address doesn't change in the address bar when picking from
the combo box list. Yes, the pages are there on the server in the
correct folder. And yes, on the old server, the navigation works
properly.

The connection to the database works fine. Otherwise the combo box
with the page URLs would not be filled.

The connection string is:
conn = new SqlConnection("user id=pgm;password=xxx;initial catalog=wbmain;data source=dbase01;connect timeout=30");

I want to fix the impersonation so the page will work! I only don't
know why it's there because I have never run across that before.
Unfortunately, the person who wrote it did not believe in commenting
his code.

Anyway, thank you for the time you have spent answering questions and
making suggestions. It is appreciated. Maybe I'm reading too much
into your last reply, but it seems quite snippy and I've had enough of
this whole mess for one. I'm going back to doing my real work for the
rest of the day.

Apr 11 '06 #14
You mean you can't see the URL in the combo box? I guess I'm missing
something. What exactly IS in the combo box?

What is the first item in the combo box. Type it out exactly in your next
reply. Also, type it in, in your browser, the same way as it displays.

Unless you are saying that you see something like "Sales" in the combo box,
then the code-behind puts together the URL? What is the final URL in the
browser, when you are reading the error message? Never mind that it is on
the intranet. I can read a proper URL regardless.

Do you have access to the source code? Do you have, and do you know how to
use, Visual Studio? You can open up the page.aspx.vb code in Notepad. Then
look for something that looks like "selectedindexchanged". The code that it
is trying to execute will be in that function, most likely. Post it here

Jeff

"Jennifer" <J.**********@gmail.com> wrote in message
news:11**********************@z34g2000cwc.googlegr oups.com...
Apologies for not answering correctly...

I'm not sure how to answer your URL question. And I only say that
because the address doesn't change in the address bar when picking from
the combo box list. Yes, the pages are there on the server in the
correct folder. And yes, on the old server, the navigation works
properly.

The connection to the database works fine. Otherwise the combo box
with the page URLs would not be filled.

The connection string is:
conn = new SqlConnection("user id=pgm;password=xxx;initial catalog=wbmain;data source=dbase01;connect timeout=30");

I want to fix the impersonation so the page will work! I only don't
know why it's there because I have never run across that before.
Unfortunately, the person who wrote it did not believe in commenting
his code.

Anyway, thank you for the time you have spent answering questions and
making suggestions. It is appreciated. Maybe I'm reading too much
into your last reply, but it seems quite snippy and I've had enough of
this whole mess for one. I'm going back to doing my real work for the
rest of the day.

Apr 11 '06 #15
And I assume you tried a different username and password, like yours,
instead of the one in the web.config

Jeff

"Jennifer" <J.**********@gmail.com> wrote in message
news:11**********************@z34g2000cwc.googlegr oups.com...
Apologies for not answering correctly...

I'm not sure how to answer your URL question. And I only say that
because the address doesn't change in the address bar when picking from
the combo box list. Yes, the pages are there on the server in the
correct folder. And yes, on the old server, the navigation works
properly.

The connection to the database works fine. Otherwise the combo box
with the page URLs would not be filled.

The connection string is:
conn = new SqlConnection("user id=pgm;password=xxx;initial catalog=wbmain;data source=dbase01;connect timeout=30");

I want to fix the impersonation so the page will work! I only don't
know why it's there because I have never run across that before.
Unfortunately, the person who wrote it did not believe in commenting
his code.

Anyway, thank you for the time you have spent answering questions and
making suggestions. It is appreciated. Maybe I'm reading too much
into your last reply, but it seems quite snippy and I've had enough of
this whole mess for one. I'm going back to doing my real work for the
rest of the day.

Apr 11 '06 #16
Also, that user may have been in the admin group on the other machine! Add
him to the admin group in this machine, or use an existing admin user

Just got that idea off of Google!

Jeff
"Jennifer" <J.**********@gmail.com> wrote in message
news:11**********************@z34g2000cwc.googlegr oups.com...
Apologies for not answering correctly...

I'm not sure how to answer your URL question. And I only say that
because the address doesn't change in the address bar when picking from
the combo box list. Yes, the pages are there on the server in the
correct folder. And yes, on the old server, the navigation works
properly.

The connection to the database works fine. Otherwise the combo box
with the page URLs would not be filled.

The connection string is:
conn = new SqlConnection("user id=pgm;password=xxx;initial catalog=wbmain;data source=dbase01;connect timeout=30");

I want to fix the impersonation so the page will work! I only don't
know why it's there because I have never run across that before.
Unfortunately, the person who wrote it did not believe in commenting
his code.

Anyway, thank you for the time you have spent answering questions and
making suggestions. It is appreciated. Maybe I'm reading too much
into your last reply, but it seems quite snippy and I've had enough of
this whole mess for one. I'm going back to doing my real work for the
rest of the day.

Apr 11 '06 #17
