473,395 Members | 2,798 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > global.asax not allowing identity impersonation?

Join Bytes to post your question to a community of 473,395 software developers and data experts.

Global.asax not allowing identity impersonation?

Visual Studio 2005, SQL Server 2000, ASP.NET/VB.NET

Not allowed to use the ASPNET machine account in SQL Server (very
strict environment).

Need to use Windows authentication, so we use "Identity
Impersonate=true" in the web.config file.

Trying to implement a system-wide error trapping mechanism. Nothing
fancy, just writing to a log file. The recommended procedure was to
define "CustomErrors=On" in web.config and manually add a "Global.asax"
file to the solution that included code in the "Application_Error"
section to handle the error.

This worked fine on the development box, but when moved over to the
test environment (the one *without* the ASPNET user account), it fails
with the error listed at the bottom of this post.

Is it because the "Global.asax" file is compiled and the ASPNET user
account is the one that performs those tasks? But what about "Identity
Impersonate"? Is it being overridden? Has the impersonation not taken
place yet? (Again, there is no fancy code in Global.asax; I even
removed all code that I had added and had the same result:

"Error [28000] [Microsoft][ODBC SQL Server Driver][SQL Server]Login
failed for user '<machine-name>\ASPNET'"

(If you wish, you may refer to a prior, related thread located here:
http://groups.google.com/group/micro...d08acd2d6fc85?
)

Please help. Thank you.

Jun 27 '06 #1
8 3521
Doug,
The error that you report at the bottom of your post has nothing to do with
impersonation-
it has to do with the fact that the connection string you are using for SQL
Server access
wants to log on with the ASPNET account of that machine.
If you are using <identity impersonate="true" then you need to also supply
the other parameters
,e.g. userName = "DOMAIN\user" password="password" in that element -
of the account whose credentials DO have access to SQL Server.
Peter

--
Co-founder, Eggheadcafe.com developer portal:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com


"Doug" wrote:
Visual Studio 2005, SQL Server 2000, ASP.NET/VB.NET

Not allowed to use the ASPNET machine account in SQL Server (very
strict environment).

Need to use Windows authentication, so we use "Identity
Impersonate=true" in the web.config file.

Trying to implement a system-wide error trapping mechanism. Nothing
fancy, just writing to a log file. The recommended procedure was to
define "CustomErrors=On" in web.config and manually add a "Global.asax"
file to the solution that included code in the "Application_Error"
section to handle the error.

This worked fine on the development box, but when moved over to the
test environment (the one *without* the ASPNET user account), it fails
with the error listed at the bottom of this post.

Is it because the "Global.asax" file is compiled and the ASPNET user
account is the one that performs those tasks? But what about "Identity
Impersonate"? Is it being overridden? Has the impersonation not taken
place yet? (Again, there is no fancy code in Global.asax; I even
removed all code that I had added and had the same result:

"Error [28000] [Microsoft][ODBC SQL Server Driver][SQL Server]Login
failed for user '<machine-name>\ASPNET'"

(If you wish, you may refer to a prior, related thread located here:
http://groups.google.com/group/micro...d08acd2d6fc85?
)

Please help. Thank you.

Jun 27 '06 #2
When you set Identity Impersonate=true, this means impersonate during the
request processing. Processing in global.asax is generally outside the
request processing. If you are on server 2003, you should use an application
pool, with identity with access to the serverserver. you could also specify
the account/password in the web.config (use the encrypted registry support).

-- bruce (sqlwork.com)
"Doug" <sp*******@gmail.com> wrote in message
news:11**********************@i40g2000cwc.googlegr oups.com...
Visual Studio 2005, SQL Server 2000, ASP.NET/VB.NET

Not allowed to use the ASPNET machine account in SQL Server (very
strict environment).

Need to use Windows authentication, so we use "Identity
Impersonate=true" in the web.config file.

Trying to implement a system-wide error trapping mechanism. Nothing
fancy, just writing to a log file. The recommended procedure was to
define "CustomErrors=On" in web.config and manually add a "Global.asax"
file to the solution that included code in the "Application_Error"
section to handle the error.

This worked fine on the development box, but when moved over to the
test environment (the one *without* the ASPNET user account), it fails
with the error listed at the bottom of this post.

Is it because the "Global.asax" file is compiled and the ASPNET user
account is the one that performs those tasks? But what about "Identity
Impersonate"? Is it being overridden? Has the impersonation not taken
place yet? (Again, there is no fancy code in Global.asax; I even
removed all code that I had added and had the same result:

"Error [28000] [Microsoft][ODBC SQL Server Driver][SQL Server]Login
failed for user '<machine-name>\ASPNET'"

(If you wish, you may refer to a prior, related thread located here:
http://groups.google.com/group/micro...d08acd2d6fc85?
)

Please help. Thank you.

Jun 27 '06 #3
Peter wrote:
Doug,
The error that you report at the bottom of your post has nothing to do with
impersonation-
it has to do with the fact that the connection string you are using for SQL
Server access
wants to log on with the ASPNET account of that machine.
If you are using <identity impersonate="true" then you need to also supply
the other parameters
,e.g. userName = "DOMAIN\user" password="password" in that element -
of the account whose credentials DO have access to SQL Server.


Thanks, Peter. I changed the line to read:

<identity impersonate="true" userName="(my username)") password="(my
password)"></identity>

The test system is not on a domain, so I didn't add that.

Still getting the error. What should I try next?

Jun 27 '06 #4
bruce barker (sqlwork.com) wrote:
When you set Identity Impersonate=true, this means impersonate during the
request processing. Processing in global.asax is generally outside the
request processing. If you are on server 2003, you should use an application
pool, with identity with access to the serverserver. you could also specify
the account/password in the web.config (use the encrypted registry support).

-- bruce (sqlwork.com)


Not on Windows Server 2003 yet, so I guess I can't use an application
pool?

I tried, as Peter suggested, specifying the account/password in the
web.config... same error.

Jun 27 '06 #5
bruce barker (sqlwork.com) wrote:
When you set Identity Impersonate=true, this means impersonate during the
request processing. Processing in global.asax is generally outside the
request processing. If you are on server 2003, you should use an application
pool, with identity with access to the serverserver. you could also specify
the account/password in the web.config (use the encrypted registry support).

-- bruce (sqlwork.com)


Not on Windows Server 2003 yet, so I guess I can't use an application
pool?

I tried, as Peter suggested, specifying the account/password in the
web.config... same error.

I should also mention that, interestingly enough, the application
starts up just fine if I manually go into the \bin folder and delete
the file "App_global.asax.dll" or "App_global.asax.compiled"... (?!)

Jun 27 '06 #6
Forgot to mention the other reason that led me to believe that it was
related to the ASPNET user. When I add that account back into SQL
Server on the Test Environment, the program works.

Jun 28 '06 #7
Forgot to mention:

- The other reason that made me think it was related to the ASPNET user
was that when I add that account back into SQL Server on the Test
Server, the program works.

- When it worked from the "Development Box", it was hitting the server,
not itself. It would work ONLY from the IDE. If I hit the server
(192.168.1.2) from the development box (192.168.1.3) directly through
Internet Explorer, it will fail.

- We have a System DSN defined on the development box to connect to the
SQL Server (both SQL and IIS are on the 192.168.1.1 server). DSN uses
Windows NT authentication.

Jun 28 '06 #8
Forgot to mention:

Adding the ASPNET user account back into SQL Server on the Test
Server also makes the program work.

It works from the "Development Box" ONLY from the IDE. If I hit the
server
(192.168.1.2) from the development box (192.168.1.3) directly through
Internet Explorer, it will fail.

- We have a System DSN defined on the development box to connect to the

SQL Server (both SQL and IIS are on the 192.168.1.2 server). The DSN
uses
Windows NT authentication.

Jun 28 '06 #9
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
User Impresonation in Global.asax OnStart
by: Alex Maghen | last post by:
It looks as if user imporsonation doesn't work in the Global.asax OnStart event. What this means is that if I have application configured to use "AlexUser" as the user for all ASP.NET stuff, that...
ASP.NET
2
Problem with Session_End in Global.asax
by: Bela | last post by:
Hello I was wondering if someone could help me out with a Session_End problem in my Global.asax. I've tried everything, and still no success Here is the scenario: sessionstate is set to InProc....
ASP.NET
3
Global.asax Inheritance?
by: Joe Reazor | last post by:
I understand how Web.Config inheritance works between a parent application and sub applications under the parent. But what I was wondering was if there was a similar way to do the same thing for...
ASP.NET
4
"NT Authority\Network Service" in Global.asax
by: Alex Maghen | last post by:
This is weird On my WinXP development box, database calls made from within my GLOBAL.ASAX go to SQLServer as user "ASPNET" even though I have impersonation turned on in my web.config. That's fine...
ASP.NET
5
Global.asax and HttpContext.User
by: Victor Jones | last post by:
I had a question about accessing HttpContext.User in global.asax. I was trying to access HttpContext.User in Application_BeginRequest() which had a null value as opposed to containing a valid...
ASP.NET
4
ASP.NET 2/Global.asax/code-behind/Application_Start
by: NoNickname | last post by:
Hi, I need to get a string from a COM component at application start. (It's a Long Story and I cannot change this fact.) In ASP.NET 1.1, I simply called this COM component in Global.asax.cs...
ASP.NET
2
HTTPModules vs Global.asax
by: tshad | last post by:
I am setting up Authentication that I want to put in multiple Web Sites on my server. I found a good article on this and am looking at moving my code from my Global.asax file to an HTTP Module. ...
ASP.NET
19
Global.asax not firing
by: furiousmojo | last post by:
This is a strange problem. I have a project where the contents of global.asax application_error are not firing. It is an asp.net 2.0 application using web application projects. I have another...
ASP.NET
3
If no ASPNET user account, can I use Global.asax for application-level error trapping?
by: Doug | last post by:
Using Visual Studio 2005, SQL Server 2000, and ASP.NET/VB.NET for a Web Application. We have a System DSN using Windows NT authentication defined on the development box to connect to the SQL...
ASP.NET
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!