Impersonation causes a server error

Phil

Hi,
I've currently setup a local user as described in:
http://msdn.microsoft.com/library/de...ary/en-us/dnne...

This users has been created on the remote server, and locally on our
web farm servers. All access to NTFS file system has been setup and the

users local privileges. However, when I add the
<identity impersonate="tr ue" userName="YourA ccount"
password="YourS trongPassword" />
Code in the web.config file, the website starts behaving in an
unpredictable manner - mainly blowing up with the following error:
Server Error in '/admin' Application.
--------------------------------------------------------------------------------

Cannot execute a program. The command being executed was
"c:\windows\mic rosoft.net\fram ework\v1.1.4322 \csc.exe" /noconfig
@"C:\WINDOWS\Mi crosoft.NET\Fra mework\v1.1.432 2\Temporary ASP.NET
Files\admin\1af b246b\8ae84806\ pu6rzxdn.cmdlin e".
Description: An unhandled exception occurred during compilation using
the CodeDomProvider 'Microsoft.CSha rp.CSharpCodePr ovider'. Please
review the stack trace for more information about the error and where
it originated in the code.
Exception Details: System.Runtime. InteropServices .ExternalExcept ion:
Cannot execute a program. The command being executed was
"c:\windows\mic rosoft.net\fram ework\v1.1.4322 \csc.exe" /noconfig
@"C:\WINDOWS\Mi crosoft.NET\Fra mework\v1.1.432 2\Temporary ASP.NET
Files\admin\1af b246b\8ae84806\ pu6rzxdn.cmdlin e".
Source Error:
An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of
the exception can be identified using the exception stack trace below.
Stack Trace:
[ExternalExcepti on (0x10b): Cannot execute a program. The command being

executed was "c:\windows\mic rosoft.net\fram ework\v1.1.4322 \csc.exe"
/noconfig @"C:\WINDOWS\Mi crosoft.NET\Fra mework\v1.1.432 2\Temporary
ASP.NET Files\admin\1af b246b\8ae84806\ pu6rzxdn.cmdlin e".]
System.CodeDom. Compiler.Execut or.ExecWaitWith CaptureUnimpers onated(IntPtr

userToken, String cmd, String currentDir, TempFileCollect ion tempFiles,

String& outputName, String& errorName, String trueCmdLine) +2054
System.CodeDom. Compiler.Execut or.ExecWaitWith Capture(IntPtr
userToken, String cmd, String currentDir, TempFileCollect ion tempFiles,

String& outputName, String& errorName, String trueCmdLine) +260
System.CodeDom. Compiler.CodeCo mpiler.Compile( CompilerParamet ers
options, String compilerDirecto ry, String compilerExe, String
arguments, String& outputFile, Int32& nativeReturnVal ue, String
trueArgs) +383
System.CodeDom. Compiler.CodeCo mpiler.FromFile Batch(CompilerP arameters
options, String[] fileNames) +548
System.CodeDom. Compiler.CodeCo mpiler.FromDomB atch(CompilerPa rameters

options, CodeCompileUnit[] ea) +428
System.CodeDom. Compiler.CodeCo mpiler.FromDom( CompilerParamet ers
options, CodeCompileUnit e) +90
System.CodeDom. Compiler.CodeCo mpiler.System.C odeDom.Compiler .ICodeCompiler. CompileAssembly FromDom(Compile rParameters

options, CodeCompileUnit e) +37
System.Web.Comp ilation.BaseCom piler.GetCompil edType() +227
--------------------------------------------------------------------------------

Version Information: Microsoft .NET Framework Version:1.1.432 2.2300;
ASP.NET Version:1.1.432 2.2300
If I remove the impersonation - the site works fine, apart from the
fact I can't read/write to the remote server. I have googled till I'm
blind, anyone any ideas?

Sorry, I have aslo posted this in microsoft.publi c.dotnet.genera l but
haven't had any help there...

Feb 15 '06 #1

Subscribe Reply

2852

alantolan

I had a problem with impersonation that seems similar

1) I set up the web service with no impersonation and ran it... it
worked fine.
2) I turned on the impersonation, using a restricted user and got an
access error on

C:\WINDOWS\Micr osoft.NET\Frame work\v1.1.4322\ Temporary ASP.NET
Files\<my service>\ffc157 b7\...

The solution I found was to delete all the temporary files\folders for
the service

i.e.

C:\WINDOWS\Micr osoft.NET\Frame work\v1.1.4322\ Temporary ASP.NET
Files\<my service> and below

and then invoke the service with impersonation turned on.

It then worked fine.
My hypothesis - though I haven't confirmed it - is that if you start
the service without impersonation, the owner of the temp files is
ASPNET. When you turn impersonation on, unless the new account has
enough privileges to read these temp files (say it is in the admin
group) you will get an access error.

If you delete the temp files and start the service/site with
impersonation on, then the owner is the impersonating ID and everything
works fine.
hth,
Alan.

Feb 15 '06 #2

Phil

Thanks for your solution. I have already granted access to the
temporary asp.net directory to the impersonated user. So they
shouldn't be any issues. but knowing MS there probably is.

Unfortunatley, tried it, but it hasn't solved my problem. Anyone out
there with any other ideas, or better yet - hoe can I write these files
to this remote server in .net NOT using impersonation?

Feb 15 '06 #3

Willy Denoyette [MVP]

"Phil" <ph***********@ gmail.com> wrote in message
news:11******** **************@ g44g2000cwa.goo glegroups.com.. .
| Thanks for your solution. I have already granted access to the
| temporary asp.net directory to the impersonated user. So they
| shouldn't be any issues. but knowing MS there probably is.
|
| Unfortunatley, tried it, but it hasn't solved my problem. Anyone out
| there with any other ideas, or better yet - hoe can I write these files
| to this remote server in .net NOT using impersonation?
|

According the stacktrace, the problem is that you can't run
"c:\windows\mic rosoft.net\fram ework\v1.1.4322 \csc.exe" while impersonating,
that means that the impersonated account has not "execute rights" for
csc.exe.

Note that impersonating at this level is a bad thing, you should inpersonate
in code, or better run this outside your web application, for instance in an
out-proc COM+ server application that runs with a fixed identity.

Willy.

Feb 15 '06 #4

Phil

Willy,

Thanks, I understand the risks invovled but just need to get this
working in test. I read the error message to mean the same. The problem
is the impersonation account has access to read & execute in the
c:\windows\micr osoft.net\frame work\v1.1.4322\ folder.

This is why it doesn't make sense. Also I only get this error after
writing to the shared drive, which works. Anyone else any pointers.
(whilst I've been away I've also coded the impersonation, and that
isn't working either!).

Feb 17 '06 #5

Willy Denoyette [MVP]

"Phil" <ph***********@ gmail.com> wrote in message
news:11******** **************@ g44g2000cwa.goo glegroups.com.. .
| Willy,
|
| Thanks, I understand the risks invovled but just need to get this
| working in test. I read the error message to mean the same. The problem
| is the impersonation account has access to read & execute in the
| c:\windows\micr osoft.net\frame work\v1.1.4322\ folder.
|
| This is why it doesn't make sense. Also I only get this error after
| writing to the shared drive, which works. Anyone else any pointers.
| (whilst I've been away I've also coded the impersonation, and that
| isn't working either!).
|

What's the asp.net process identity? The CSC command is run by the worker
process, not by the impersonated client.
Willy.

Feb 17 '06 #6

Phil

Thanks again Willy, I don't know how to check what the asp.net process
identity is. How do I find out?

Feb 17 '06 #7

Willy Denoyette [MVP]

"Phil" <ph***********@ gmail.com> wrote in message
news:11******** **************@ o13g2000cwo.goo glegroups.com.. .
| Thanks again Willy, I don't know how to check what the asp.net process
| identity is. How do I find out?
|

Hmmmm, if you don't know it, it's probably because you never changed the
default, in that case I must be wrong, in that the CSC command doesn't run
under the process identity, but uses the impersonated identity to execute
CSC [1].

Anyway, it's defined in your machine.config file (note this is only for W2K
and XP) in the section processModel (look under Framework\v1.1. 4322\CONFIG
for the file).
In this section you'll find userName attribute, possible values are:
- machine which defaults to "aspnet" for W2K and XP
- SYSTEM stands for "localsyste m" or "SYSTEM"
- or a windows user name. (local or domain).
On W2K3 the default worker process identity is "network user"

[1] Try to enable "file access auditing" on the framework directory path,
that way you will get a message in the security event log telling exactly
which user fails to access this directory.

Willy.

Feb 17 '06 #8

Phil

Willy,

userName="machi ne"

Is in my machine.config.

I've enabled logging I think on NETWORK, NETWORK SERVICE, ASP.NET,
Internet User Account and my imperonsated user. I've caused the
program to fall over, and there's nothing in the security logs
(assuming you mean, Computer Management>Syst em Tools>Event
Viewer>Security ).

Feb 20 '06 #9

Phil

Willy,

Some more information. The error in accessing csc only happens after a
files has been written to the sharded directory. Until then the .net
application works fine runnin under the impersontation.

After writing to the shared folder, every application running under IIS
starts to error showing the same error page - even .net applications
that aren't using impersonation.

The servers are all being hosted by a third party, there is no domain
(all machnies are under the WORKGROUP, workgroup). I have setup
duplicate local users one each machine with the same username and
password.

I really think I've found a bug in .net 1.1, should I raise a MS
support ticket?

Feb 22 '06 #10

Similar topics

1056

Impersonation

by: seandiaz | last post by:

I have a question concerning impersonation - I created an app using impersonation that runs fine on my local machine. I also ran the app on two other developer machines and it runs fine. When I move the app to the web server for additional testing - none of the pages work. I'm not even able to pull up the login page. I gave the user the same rights that the asp.net process has. Is there anything else that needs to be done? Does the...

.NET Framework

2128

Why the impersonation work in one case and not the other?

by: CyberDigger | last post by:

I have two computers, client and server. The client is running Windows 2000 Professional and is in a workgroup, say "MyWorkgroup". The server is running Windows Server 2003 Standard Edition and is in a domain, say "MyDomain". What I need is to logon to the client as some generic local administrator user and then access resources (e.g. share folder, SQL Server using Windows Authentication, etc.) on the server. Here is what I did: I...

.NET Framework

3962

Impersonation failure with Index Server and Forms Authentication with Active Directory

by: techfuzz | last post by:

I'm posting my problem experience and solution I found here for other ASP.NET developers. I have a web application that uses Forms Authentication with Active Directory to control access. In this web application, I have search page that utilizes the Windows Indexing Service (MSIDXS provider). For reasons I'm not aware of at this time, setting <identity impersonation="true" /> in the web.config causes an error whenever you try to search.

ASP.NET

1411

Impersonation issues

by: Tom Wells | last post by:

My server admin and I are trying to figure out how to get impersonation working to be able to upload a file from the client browser thru the web server to a network file server. My network ID for testing is twells. Our domain for testing is dev.com. If I don't have impersonation set in web.config the user ID shown by System.Security.Principal.WindowsIdentity.GetCurrent().Name is "twells/ASPNET" which does not exist on our network. If I...

ASP.NET

2166

ASP.NET Impersonation to access Oracle database...

by: Top Poster | last post by:

Hi all, I am trying to work out how I can use impersonation to connect to an Oracle 9i database such that I can avoid sending a clear text username and password to the Oracle server. We are using Windows 2000 and IIS 5.0. Currently the database and the Webserver are running on the same machine (which I'll call MyMachineName) Until now I have been using a connection string in the web.config file on an IIS Web Server as follows:

ASP.NET

1456

Impersonation - 1314 Marshal.GetLastWin32Error

by: Jim Heavey | last post by:

Hello, I have been taking a swing at learning how I can use Impersonation via code and I am getting back an error code of 1314. By searching the internet, I have come to believe that this error means the account it invalid. If I use my ID and password, the code works fine, so I am guessing it is not the code. I requested this "special" account from the network folks and have been using it for submitting batch Console applications from my...

ASP.NET

1271

Impersonation Problem

by: velvet.graham | last post by:

I'm having a difficult time with impersonation. I've created an impersonation class. Here is the code below: ******Impersonation Class Code********* Imports System Imports System.Web.Security Imports System.Runtime.InteropServices Imports System.Security.Principal Imports System.DirectoryServices Imports System.Security.Permissions

ASP.NET

3549

Global.asax not allowing identity impersonation?

by: Doug | last post by:

Visual Studio 2005, SQL Server 2000, ASP.NET/VB.NET Not allowed to use the ASPNET machine account in SQL Server (very strict environment). Need to use Windows authentication, so we use "Identity Impersonate=true" in the web.config file. Trying to implement a system-wide error trapping mechanism. Nothing fancy, just writing to a log file. The recommended procedure was to

ASP.NET

1518

non-reproducable problems with impersonationin asp.net: login failed for user 'null' after impersonation

by: Daniel Knöpfel | last post by:

Hello On our asp.net 2.0 website we impersonate every request to the identity of the user logged in. This works this way: 1. user logs in, providing username, password 2. user is authenticated against an active directory and the windows identity is retrieved (and stored in the session!!) 3. user is impersonated using the windows identity (thread is now running under the identity of the user)

ASP.NET

9497

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...

Windows Server

10363

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

10169

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

9964

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...

General

6749

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

5398

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration

4067

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp

3670

How to add payments to a PHP MySQL app.

by: muto222 | last post by:

How can i add a mobile payment intergratation into php mysql website.

PHP

2894

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General