473,706 Members | 5,919 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Impersonation causes a server error

Hi,
I've currently setup a local user as described in:
http://msdn.microsoft.com/library/de...ary/en-us/dnne...

This users has been created on the remote server, and locally on our
web farm servers. All access to NTFS file system has been setup and the

users local privileges. However, when I add the
<identity impersonate="tr ue" userName="YourA ccount"
password="YourS trongPassword" />
Code in the web.config file, the website starts behaving in an
unpredictable manner - mainly blowing up with the following error:
Server Error in '/admin' Application.
--------------------------------------------------------------------------------

Cannot execute a program. The command being executed was
"c:\windows\mic rosoft.net\fram ework\v1.1.4322 \csc.exe" /noconfig
@"C:\WINDOWS\Mi crosoft.NET\Fra mework\v1.1.432 2\Temporary ASP.NET
Files\admin\1af b246b\8ae84806\ pu6rzxdn.cmdlin e".
Description: An unhandled exception occurred during compilation using
the CodeDomProvider 'Microsoft.CSha rp.CSharpCodePr ovider'. Please
review the stack trace for more information about the error and where
it originated in the code.
Exception Details: System.Runtime. InteropServices .ExternalExcept ion:
Cannot execute a program. The command being executed was
"c:\windows\mic rosoft.net\fram ework\v1.1.4322 \csc.exe" /noconfig
@"C:\WINDOWS\Mi crosoft.NET\Fra mework\v1.1.432 2\Temporary ASP.NET
Files\admin\1af b246b\8ae84806\ pu6rzxdn.cmdlin e".
Source Error:
An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of
the exception can be identified using the exception stack trace below.
Stack Trace:
[ExternalExcepti on (0x10b): Cannot execute a program. The command being

executed was "c:\windows\mic rosoft.net\fram ework\v1.1.4322 \csc.exe"
/noconfig @"C:\WINDOWS\Mi crosoft.NET\Fra mework\v1.1.432 2\Temporary
ASP.NET Files\admin\1af b246b\8ae84806\ pu6rzxdn.cmdlin e".]
System.CodeDom. Compiler.Execut or.ExecWaitWith CaptureUnimpers onated(IntPtr

userToken, String cmd, String currentDir, TempFileCollect ion tempFiles,

String& outputName, String& errorName, String trueCmdLine) +2054
System.CodeDom. Compiler.Execut or.ExecWaitWith Capture(IntPtr
userToken, String cmd, String currentDir, TempFileCollect ion tempFiles,

String& outputName, String& errorName, String trueCmdLine) +260
System.CodeDom. Compiler.CodeCo mpiler.Compile( CompilerParamet ers
options, String compilerDirecto ry, String compilerExe, String
arguments, String& outputFile, Int32& nativeReturnVal ue, String
trueArgs) +383
System.CodeDom. Compiler.CodeCo mpiler.FromFile Batch(CompilerP arameters
options, String[] fileNames) +548
System.CodeDom. Compiler.CodeCo mpiler.FromDomB atch(CompilerPa rameters

options, CodeCompileUnit[] ea) +428
System.CodeDom. Compiler.CodeCo mpiler.FromDom( CompilerParamet ers
options, CodeCompileUnit e) +90
System.CodeDom. Compiler.CodeCo mpiler.System.C odeDom.Compiler .ICodeCompiler. CompileAssembly FromDom(Compile rParameters

options, CodeCompileUnit e) +37
System.Web.Comp ilation.BaseCom piler.GetCompil edType() +227
--------------------------------------------------------------------------------

Version Information: Microsoft .NET Framework Version:1.1.432 2.2300;
ASP.NET Version:1.1.432 2.2300
If I remove the impersonation - the site works fine, apart from the
fact I can't read/write to the remote server. I have googled till I'm
blind, anyone any ideas?

Sorry, I have aslo posted this in microsoft.publi c.dotnet.genera l but
haven't had any help there...

Feb 15 '06 #1
11 2849
I had a problem with impersonation that seems similar

1) I set up the web service with no impersonation and ran it... it
worked fine.
2) I turned on the impersonation, using a restricted user and got an
access error on

C:\WINDOWS\Micr osoft.NET\Frame work\v1.1.4322\ Temporary ASP.NET
Files\<my service>\ffc157 b7\...

The solution I found was to delete all the temporary files\folders for
the service

i.e.

C:\WINDOWS\Micr osoft.NET\Frame work\v1.1.4322\ Temporary ASP.NET
Files\<my service> and below

and then invoke the service with impersonation turned on.

It then worked fine.
My hypothesis - though I haven't confirmed it - is that if you start
the service without impersonation, the owner of the temp files is
ASPNET. When you turn impersonation on, unless the new account has
enough privileges to read these temp files (say it is in the admin
group) you will get an access error.

If you delete the temp files and start the service/site with
impersonation on, then the owner is the impersonating ID and everything
works fine.
hth,
Alan.

Feb 15 '06 #2
Thanks for your solution. I have already granted access to the
temporary asp.net directory to the impersonated user. So they
shouldn't be any issues. but knowing MS there probably is.

Unfortunatley, tried it, but it hasn't solved my problem. Anyone out
there with any other ideas, or better yet - hoe can I write these files
to this remote server in .net NOT using impersonation?

Feb 15 '06 #3

"Phil" <ph***********@ gmail.com> wrote in message
news:11******** **************@ g44g2000cwa.goo glegroups.com.. .
| Thanks for your solution. I have already granted access to the
| temporary asp.net directory to the impersonated user. So they
| shouldn't be any issues. but knowing MS there probably is.
|
| Unfortunatley, tried it, but it hasn't solved my problem. Anyone out
| there with any other ideas, or better yet - hoe can I write these files
| to this remote server in .net NOT using impersonation?
|

According the stacktrace, the problem is that you can't run
"c:\windows\mic rosoft.net\fram ework\v1.1.4322 \csc.exe" while impersonating,
that means that the impersonated account has not "execute rights" for
csc.exe.

Note that impersonating at this level is a bad thing, you should inpersonate
in code, or better run this outside your web application, for instance in an
out-proc COM+ server application that runs with a fixed identity.

Willy.

Feb 15 '06 #4
Willy,

Thanks, I understand the risks invovled but just need to get this
working in test. I read the error message to mean the same. The problem
is the impersonation account has access to read & execute in the
c:\windows\micr osoft.net\frame work\v1.1.4322\ folder.

This is why it doesn't make sense. Also I only get this error after
writing to the shared drive, which works. Anyone else any pointers.
(whilst I've been away I've also coded the impersonation, and that
isn't working either!).

Feb 17 '06 #5

"Phil" <ph***********@ gmail.com> wrote in message
news:11******** **************@ g44g2000cwa.goo glegroups.com.. .
| Willy,
|
| Thanks, I understand the risks invovled but just need to get this
| working in test. I read the error message to mean the same. The problem
| is the impersonation account has access to read & execute in the
| c:\windows\micr osoft.net\frame work\v1.1.4322\ folder.
|
| This is why it doesn't make sense. Also I only get this error after
| writing to the shared drive, which works. Anyone else any pointers.
| (whilst I've been away I've also coded the impersonation, and that
| isn't working either!).
|

What's the asp.net process identity? The CSC command is run by the worker
process, not by the impersonated client.
Willy.
Feb 17 '06 #6
Thanks again Willy, I don't know how to check what the asp.net process
identity is. How do I find out?

Feb 17 '06 #7

"Phil" <ph***********@ gmail.com> wrote in message
news:11******** **************@ o13g2000cwo.goo glegroups.com.. .
| Thanks again Willy, I don't know how to check what the asp.net process
| identity is. How do I find out?
|

Hmmmm, if you don't know it, it's probably because you never changed the
default, in that case I must be wrong, in that the CSC command doesn't run
under the process identity, but uses the impersonated identity to execute
CSC [1].

Anyway, it's defined in your machine.config file (note this is only for W2K
and XP) in the section processModel (look under Framework\v1.1. 4322\CONFIG
for the file).
In this section you'll find userName attribute, possible values are:
- machine which defaults to "aspnet" for W2K and XP
- SYSTEM stands for "localsyste m" or "SYSTEM"
- or a windows user name. (local or domain).
On W2K3 the default worker process identity is "network user"

[1] Try to enable "file access auditing" on the framework directory path,
that way you will get a message in the security event log telling exactly
which user fails to access this directory.

Willy.


Feb 17 '06 #8
Willy,

userName="machi ne"

Is in my machine.config.

I've enabled logging I think on NETWORK, NETWORK SERVICE, ASP.NET,
Internet User Account and my imperonsated user. I've caused the
program to fall over, and there's nothing in the security logs
(assuming you mean, Computer Management>Syst em Tools>Event
Viewer>Security ).

Feb 20 '06 #9
Willy,

Some more information. The error in accessing csc only happens after a
files has been written to the sharded directory. Until then the .net
application works fine runnin under the impersontation.

After writing to the shared folder, every application running under IIS
starts to error showing the same error page - even .net applications
that aren't using impersonation.

The servers are all being hosted by a third party, there is no domain
(all machnies are under the WORKGROUP, workgroup). I have setup
duplicate local users one each machine with the same username and
password.

I really think I've found a bug in .net 1.1, should I raise a MS
support ticket?

Feb 22 '06 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
1056
by: seandiaz | last post by:
I have a question concerning impersonation - I created an app using impersonation that runs fine on my local machine. I also ran the app on two other developer machines and it runs fine. When I move the app to the web server for additional testing - none of the pages work. I'm not even able to pull up the login page. I gave the user the same rights that the asp.net process has. Is there anything else that needs to be done? Does the...
1
2119
by: CyberDigger | last post by:
I have two computers, client and server. The client is running Windows 2000 Professional and is in a workgroup, say "MyWorkgroup". The server is running Windows Server 2003 Standard Edition and is in a domain, say "MyDomain". What I need is to logon to the client as some generic local administrator user and then access resources (e.g. share folder, SQL Server using Windows Authentication, etc.) on the server. Here is what I did: I...
1
3960
by: techfuzz | last post by:
I'm posting my problem experience and solution I found here for other ASP.NET developers. I have a web application that uses Forms Authentication with Active Directory to control access. In this web application, I have search page that utilizes the Windows Indexing Service (MSIDXS provider). For reasons I'm not aware of at this time, setting <identity impersonation="true" /> in the web.config causes an error whenever you try to search.
2
1410
by: Tom Wells | last post by:
My server admin and I are trying to figure out how to get impersonation working to be able to upload a file from the client browser thru the web server to a network file server. My network ID for testing is twells. Our domain for testing is dev.com. If I don't have impersonation set in web.config the user ID shown by System.Security.Principal.WindowsIdentity.GetCurrent().Name is "twells/ASPNET" which does not exist on our network. If I...
1
2163
by: Top Poster | last post by:
Hi all, I am trying to work out how I can use impersonation to connect to an Oracle 9i database such that I can avoid sending a clear text username and password to the Oracle server. We are using Windows 2000 and IIS 5.0. Currently the database and the Webserver are running on the same machine (which I'll call MyMachineName) Until now I have been using a connection string in the web.config file on an IIS Web Server as follows:
0
1453
by: Jim Heavey | last post by:
Hello, I have been taking a swing at learning how I can use Impersonation via code and I am getting back an error code of 1314. By searching the internet, I have come to believe that this error means the account it invalid. If I use my ID and password, the code works fine, so I am guessing it is not the code. I requested this "special" account from the network folks and have been using it for submitting batch Console applications from my...
0
1268
by: velvet.graham | last post by:
I'm having a difficult time with impersonation. I've created an impersonation class. Here is the code below: ******Impersonation Class Code********* Imports System Imports System.Web.Security Imports System.Runtime.InteropServices Imports System.Security.Principal Imports System.DirectoryServices Imports System.Security.Permissions
8
3548
by: Doug | last post by:
Visual Studio 2005, SQL Server 2000, ASP.NET/VB.NET Not allowed to use the ASPNET machine account in SQL Server (very strict environment). Need to use Windows authentication, so we use "Identity Impersonate=true" in the web.config file. Trying to implement a system-wide error trapping mechanism. Nothing fancy, just writing to a log file. The recommended procedure was to
0
1514
by: Daniel Knöpfel | last post by:
Hello On our asp.net 2.0 website we impersonate every request to the identity of the user logged in. This works this way: 1. user logs in, providing username, password 2. user is authenticated against an active directory and the windows identity is retrieved (and stored in the session!!) 3. user is impersonated using the windows identity (thread is now running under the identity of the user)
0
8779
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
8695
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9282
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
9154
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
9048
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
5937
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
1
3142
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
2499
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
2089
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.