473,382 Members | 1,441 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > c# / c sharp > questions > impersonation causes a server error

Join Bytes to post your question to a community of 473,382 software developers and data experts.

Impersonation causes a server error

Hi,
I've currently setup a local user as described in:
http://msdn.microsoft.com/library/de...ary/en-us/dnne...

This users has been created on the remote server, and locally on our
web farm servers. All access to NTFS file system has been setup and the

users local privileges. However, when I add the
<identity impersonate="true" userName="YourAccount"
password="YourStrongPassword" />
Code in the web.config file, the website starts behaving in an
unpredictable manner - mainly blowing up with the following error:
Server Error in '/admin' Application.
--------------------------------------------------------------------------------

Cannot execute a program. The command being executed was
"c:\windows\microsoft.net\framework\v1.1.4322\csc. exe" /noconfig
@"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Tem porary ASP.NET
Files\admin\1afb246b\8ae84806\pu6rzxdn.cmdline".
Description: An unhandled exception occurred during compilation using
the CodeDomProvider 'Microsoft.CSharp.CSharpCodeProvider'. Please
review the stack trace for more information about the error and where
it originated in the code.
Exception Details: System.Runtime.InteropServices.ExternalException:
Cannot execute a program. The command being executed was
"c:\windows\microsoft.net\framework\v1.1.4322\csc. exe" /noconfig
@"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Tem porary ASP.NET
Files\admin\1afb246b\8ae84806\pu6rzxdn.cmdline".
Source Error:
An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of
the exception can be identified using the exception stack trace below.
Stack Trace:
[ExternalException (0x10b): Cannot execute a program. The command being

executed was "c:\windows\microsoft.net\framework\v1.1.4322\csc. exe"
/noconfig @"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Tem porary
ASP.NET Files\admin\1afb246b\8ae84806\pu6rzxdn.cmdline".]
System.CodeDom.Compiler.Executor.ExecWaitWithCaptu reUnimpersonated(IntPtr

userToken, String cmd, String currentDir, TempFileCollection tempFiles,

String& outputName, String& errorName, String trueCmdLine) +2054
System.CodeDom.Compiler.Executor.ExecWaitWithCaptu re(IntPtr
userToken, String cmd, String currentDir, TempFileCollection tempFiles,

String& outputName, String& errorName, String trueCmdLine) +260
System.CodeDom.Compiler.CodeCompiler.Compile(Compi lerParameters
options, String compilerDirectory, String compilerExe, String
arguments, String& outputFile, Int32& nativeReturnValue, String
trueArgs) +383
System.CodeDom.Compiler.CodeCompiler.FromFileBatch (CompilerParameters
options, String[] fileNames) +548
System.CodeDom.Compiler.CodeCompiler.FromDomBatch( CompilerParameters

options, CodeCompileUnit[] ea) +428
System.CodeDom.Compiler.CodeCompiler.FromDom(Compi lerParameters
options, CodeCompileUnit e) +90
System.CodeDom.Compiler.CodeCompiler.System.CodeDo m.Compiler.ICodeCompiler.CompileAssemblyFromDom(Co mpilerParameters

options, CodeCompileUnit e) +37
System.Web.Compilation.BaseCompiler.GetCompiledTyp e() +227
--------------------------------------------------------------------------------

Version Information: Microsoft .NET Framework Version:1.1.4322.2300;
ASP.NET Version:1.1.4322.2300
If I remove the impersonation - the site works fine, apart from the
fact I can't read/write to the remote server. I have googled till I'm
blind, anyone any ideas?

Sorry, I have aslo posted this in microsoft.public.dotnet.general but
haven't had any help there...

Feb 15 '06 #1
11 2812
I had a problem with impersonation that seems similar

1) I set up the web service with no impersonation and ran it... it
worked fine.
2) I turned on the impersonation, using a restricted user and got an
access error on

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Tempo rary ASP.NET
Files\<my service>\ffc157b7\...

The solution I found was to delete all the temporary files\folders for
the service

i.e.

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Tempo rary ASP.NET
Files\<my service> and below

and then invoke the service with impersonation turned on.

It then worked fine.
My hypothesis - though I haven't confirmed it - is that if you start
the service without impersonation, the owner of the temp files is
ASPNET. When you turn impersonation on, unless the new account has
enough privileges to read these temp files (say it is in the admin
group) you will get an access error.

If you delete the temp files and start the service/site with
impersonation on, then the owner is the impersonating ID and everything
works fine.
hth,
Alan.

Feb 15 '06 #2
Thanks for your solution. I have already granted access to the
temporary asp.net directory to the impersonated user. So they
shouldn't be any issues. but knowing MS there probably is.

Unfortunatley, tried it, but it hasn't solved my problem. Anyone out
there with any other ideas, or better yet - hoe can I write these files
to this remote server in .net NOT using impersonation?

Feb 15 '06 #3

"Phil" <ph***********@gmail.com> wrote in message
news:11**********************@g44g2000cwa.googlegr oups.com...
| Thanks for your solution. I have already granted access to the
| temporary asp.net directory to the impersonated user. So they
| shouldn't be any issues. but knowing MS there probably is.
|
| Unfortunatley, tried it, but it hasn't solved my problem. Anyone out
| there with any other ideas, or better yet - hoe can I write these files
| to this remote server in .net NOT using impersonation?
|

According the stacktrace, the problem is that you can't run
"c:\windows\microsoft.net\framework\v1.1.4322\csc. exe" while impersonating,
that means that the impersonated account has not "execute rights" for
csc.exe.

Note that impersonating at this level is a bad thing, you should inpersonate
in code, or better run this outside your web application, for instance in an
out-proc COM+ server application that runs with a fixed identity.

Willy.

Feb 15 '06 #4
Willy,

Thanks, I understand the risks invovled but just need to get this
working in test. I read the error message to mean the same. The problem
is the impersonation account has access to read & execute in the
c:\windows\microsoft.net\framework\v1.1.4322\ folder.

This is why it doesn't make sense. Also I only get this error after
writing to the shared drive, which works. Anyone else any pointers.
(whilst I've been away I've also coded the impersonation, and that
isn't working either!).

Feb 17 '06 #5

"Phil" <ph***********@gmail.com> wrote in message
news:11**********************@g44g2000cwa.googlegr oups.com...
| Willy,
|
| Thanks, I understand the risks invovled but just need to get this
| working in test. I read the error message to mean the same. The problem
| is the impersonation account has access to read & execute in the
| c:\windows\microsoft.net\framework\v1.1.4322\ folder.
|
| This is why it doesn't make sense. Also I only get this error after
| writing to the shared drive, which works. Anyone else any pointers.
| (whilst I've been away I've also coded the impersonation, and that
| isn't working either!).
|

What's the asp.net process identity? The CSC command is run by the worker
process, not by the impersonated client.
Willy.
Feb 17 '06 #6
Thanks again Willy, I don't know how to check what the asp.net process
identity is. How do I find out?

Feb 17 '06 #7

"Phil" <ph***********@gmail.com> wrote in message
news:11**********************@o13g2000cwo.googlegr oups.com...
| Thanks again Willy, I don't know how to check what the asp.net process
| identity is. How do I find out?
|

Hmmmm, if you don't know it, it's probably because you never changed the
default, in that case I must be wrong, in that the CSC command doesn't run
under the process identity, but uses the impersonated identity to execute
CSC [1].

Anyway, it's defined in your machine.config file (note this is only for W2K
and XP) in the section processModel (look under Framework\v1.1.4322\CONFIG
for the file).
In this section you'll find userName attribute, possible values are:
- machine which defaults to "aspnet" for W2K and XP
- SYSTEM stands for "localsystem" or "SYSTEM"
- or a windows user name. (local or domain).
On W2K3 the default worker process identity is "network user"

[1] Try to enable "file access auditing" on the framework directory path,
that way you will get a message in the security event log telling exactly
which user fails to access this directory.

Willy.


Feb 17 '06 #8
Willy,

userName="machine"

Is in my machine.config.

I've enabled logging I think on NETWORK, NETWORK SERVICE, ASP.NET,
Internet User Account and my imperonsated user. I've caused the
program to fall over, and there's nothing in the security logs
(assuming you mean, Computer Management>System Tools>Event
Viewer>Security).

Feb 20 '06 #9
Willy,

Some more information. The error in accessing csc only happens after a
files has been written to the sharded directory. Until then the .net
application works fine runnin under the impersontation.

After writing to the shared folder, every application running under IIS
starts to error showing the same error page - even .net applications
that aren't using impersonation.

The servers are all being hosted by a third party, there is no domain
(all machnies are under the WORKGROUP, workgroup). I have setup
duplicate local users one each machine with the same username and
password.

I really think I've found a bug in .net 1.1, should I raise a MS
support ticket?

Feb 22 '06 #10

"Phil" <ph***********@gmail.com> wrote in message
news:11*********************@g47g2000cwa.googlegro ups.com...
| Willy,
|
| Some more information. The error in accessing csc only happens after a
| files has been written to the sharded directory. Until then the .net
| application works fine runnin under the impersontation.
|
| After writing to the shared folder, every application running under IIS
| starts to error showing the same error page - even .net applications
| that aren't using impersonation.
|
| The servers are all being hosted by a third party, there is no domain
| (all machnies are under the WORKGROUP, workgroup). I have setup
| duplicate local users one each machine with the same username and
| password.
|
| I really think I've found a bug in .net 1.1, should I raise a MS
| support ticket?
|

IMO this is not a bug, if I understand you correctly, it means that
everything is fine until some-one writes new data to the share, right? Does
it also mean that all existing CS files aren't accessible any longer? Who is
the user writing to this share? Have you checked the security privileges
before and after a write of a new file, somehow these must have changed.
I'm also not clear on how you did set you "duplicate users", your asp.net
worker process runs as "aspnet" (as per your previous posting), this is a
local machine account (automatcally created) and CANNOT be duplicated, so I
wonder how/what you did! Note that this is the account running CSC, so I'm
affraid you messed with the configuration settings of your web server.

Willy.

Feb 22 '06 #11
Thanks Willy for getting back to me.

The duplicated account is the impersonation account. This account has
the access to read/write to the share. This account is setup on both
our webservers, and on the server with the shared folder that we are
writing too.

I haven't changed any settings on the webserver apart from giving this
impersonation account the access specified in the MSDN article. (Things
like read/write access to the .net temporary folders, read access to
the assembly folder, etc).

How can writing to a shared folder in one .net application, have the
impact that all other .net applications running then start to fail? I
have double checked the access, and as I say, everything works fine
under impersonation - until the point of writing the file (which does
work so authority to write to the share folder is being given by
windows 2003).

I don't think anyone can solve this problem, so I'm now looking to
setup real-time synchronisation between our web servers, so that files
created on one are accessible to the other.
From all my googling - it looks like I'm the only one in the world

with the issue.

Feb 24 '06 #12
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
Impersonation
by: seandiaz | last post by:
I have a question concerning impersonation - I created an app using impersonation that runs fine on my local machine. I also ran the app on two other developer machines and it runs fine. When I...
.NET Framework
1
Why the impersonation work in one case and not the other?
by: CyberDigger | last post by:
I have two computers, client and server. The client is running Windows 2000 Professional and is in a workgroup, say "MyWorkgroup". The server is running Windows Server 2003 Standard Edition and...
.NET Framework
1
Impersonation failure with Index Server and Forms Authentication with Active Directory
by: techfuzz | last post by:
I'm posting my problem experience and solution I found here for other ASP.NET developers. I have a web application that uses Forms Authentication with Active Directory to control access. In...
ASP.NET
2
Impersonation issues
by: Tom Wells | last post by:
My server admin and I are trying to figure out how to get impersonation working to be able to upload a file from the client browser thru the web server to a network file server. My network ID for...
ASP.NET
1
ASP.NET Impersonation to access Oracle database...
by: Top Poster | last post by:
Hi all, I am trying to work out how I can use impersonation to connect to an Oracle 9i database such that I can avoid sending a clear text username and password to the Oracle server. We are...
ASP.NET
0
Impersonation - 1314 Marshal.GetLastWin32Error
by: Jim Heavey | last post by:
Hello, I have been taking a swing at learning how I can use Impersonation via code and I am getting back an error code of 1314. By searching the internet, I have come to believe that this error...
ASP.NET
0
Impersonation Problem
by: velvet.graham | last post by:
I'm having a difficult time with impersonation. I've created an impersonation class. Here is the code below: ******Impersonation Class Code********* Imports System Imports System.Web.Security...
ASP.NET
8
Global.asax not allowing identity impersonation?
by: Doug | last post by:
Visual Studio 2005, SQL Server 2000, ASP.NET/VB.NET Not allowed to use the ASPNET machine account in SQL Server (very strict environment). Need to use Windows authentication, so we use...
ASP.NET
0
non-reproducable problems with impersonationin asp.net: login failed for user 'null' after impersonation
by: Daniel Knöpfel | last post by:
Hello On our asp.net 2.0 website we impersonate every request to the identity of the user logged in. This works this way: 1. user logs in, providing username, password 2. user is authenticated...
ASP.NET
0
isladogs
Access Europe: Command bars, the Access Shortcut Tool and a simple Audit Log - Wed 3 April
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
General
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!