ASP.Net security after SP4 on W2k Server

[Mathew]

Hello:

I have an app that has been running for several months, but
after installing SP4 on the Win2k server, it would no
longer run.

First I had a TemplateControl parser exception when the
server tried to compile and run the ASPX page. (Which runs
fine on my workstation).

After stripping out everything from the page except the
line linking to the code behind, I was able to run again.

However, when I try to call a function in the page (by
passing an url parameter) that uses a SQL Server database,
I get some kind of security exception:


[InvalidOperationException: Computer name could not be
obtained.]
System.Environment.get_MachineName() +155
System.Data.SqlClient.SqlConnectionString.MachineName() +167

System.Data.SqlClient.SqlConnectionString.WorkStationId() +27

System.Data.SqlClient.SqlConnectionString.CheckSetNetwork()
+124

System.Data.SqlClient.SqlConnectionString.ValidateParse() +683
System.Data.Common.DBConnectionString..ctor(String
connectionString, UdlSupport checkForUdl) +144
System.Data.SqlClient.SqlConnectionString..ctor(String
connectionString) +13

System.Data.SqlClient.SqlConnectionString.ParseString(String
connectionString) +96

System.Data.SqlClient.SqlConnection.set_ConnectionString(String
value) +11
CIS.Data.Connection.set_ConnectionString(String Value)
CIS.Data.Connection..ctor(String connectString)
CIS.Data.Database..ctor(Object connectionstring)
webtrack.frmProTrack.DoLogin()
webtrack.frmProTrack.Page_Load(Object sender, EventArgs e)
System.Web.UI.Control.OnLoad(EventArgs e) +67
System.Web.UI.Control.LoadRecursive() +35
System.Web.UI.Page.ProcessRequestMain() +731

--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework
Version:1.1.4322.573; ASP.NET Version:1.1.4322.573


How do I change the security to make this work again? I
have the ASP.Net process impersonating a network login with
access to see the SQL Server machine, and login to SQL Server.

Thanks,
Mat

 

[Jim Cheshire [MSFT]]

Mathew,

Does the process account (ASPNET by default) have the
SeImpersonatePrivilege (Impersontate a client after authentication) user
right? If not, you'll need to give it that right.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------

Content-Class: urn:content-classes:message
From: "Mathew" <[email protected]>
Sender: "Mathew" <[email protected]>
Subject: ASP.Net security after SP4 on W2k Server
Date: Mon, 17 Nov 2003 13:57:33 -0800
Lines: 60
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcOtVc35V6v4yNzNTribdBdO3IBgAA==
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:191531
NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

Hello:
I have an app that has been running for several months, but
after installing SP4 on the Win2k server, it would no
longer run.
First I had a TemplateControl parser exception when the
server tried to compile and run the ASPX page. (Which runs
fine on my workstation).
After stripping out everything from the page except the
line linking to the code behind, I was able to run again.
However, when I try to call a function in the page (by
passing an url parameter) that uses a SQL Server database,
I get some kind of security exception:
[InvalidOperationException: Computer name could not be
obtained.]
System.Environment.get_MachineName() +155
System.Data.SqlClient.SqlConnectionString.MachineName() +167

System.Data.SqlClient.SqlConnectionString.WorkStationId() +27

System.Data.SqlClient.SqlConnectionString.CheckSetNetwork()
+124

System.Data.SqlClient.SqlConnectionString.ValidateParse() +683
System.Data.Common.DBConnectionString..ctor(String
connectionString, UdlSupport checkForUdl) +144
System.Data.SqlClient.SqlConnectionString..ctor(String
connectionString) +13

System.Data.SqlClient.SqlConnectionString.ParseString(String
connectionString) +96

System.Data.SqlClient.SqlConnection.set_ConnectionString(String
value) +11
CIS.Data.Connection.set_ConnectionString(String Value)
CIS.Data.Connection..ctor(String connectString)
CIS.Data.Database..ctor(Object connectionstring)
webtrack.frmProTrack.DoLogin()
webtrack.frmProTrack.Page_Load(Object sender, EventArgs e)
System.Web.UI.Control.OnLoad(EventArgs e) +67
System.Web.UI.Control.LoadRecursive() +35
System.Web.UI.Page.ProcessRequestMain() +731
--------------------------------------------------------------------------- -----
Version Information: Microsoft .NET Framework
Version:1.1.4322.573; ASP.NET Version:1.1.4322.573
How do I change the security to make this work again? I
have the ASP.Net process impersonating a network login with
access to see the SQL Server machine, and login to SQL Server.
Thanks,
Mat

 

[Guest]

I was able to fix this by taking your advice.
In the domain controller, under the default policy, add
the desired users to the Enable Impersonatation setting.

This is probably why I wasn't able to compile before as
well.

-----Original Message-----
Mathew,

Does the process account (ASPNET by default) have the
SeImpersonatePrivilege (Impersontate a client after authentication) user
right? If not, you'll need to give it that right.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------

Content-Class: urn:content-classes:message
From: "Mathew" <[email protected]>
Sender: "Mathew" <[email protected]>
Subject: ASP.Net security after SP4 on W2k Server
Date: Mon, 17 Nov 2003 13:57:33 -0800
Lines: 60
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcOtVc35V6v4yNzNTribdBdO3IBgAA==
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:191531
NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

Hello:
I have an app that has been running for several months, but
after installing SP4 on the Win2k server, it would no
longer run.
First I had a TemplateControl parser exception when the
server tried to compile and run the ASPX page. (Which runs
fine on my workstation).
After stripping out everything from the page except the
line linking to the code behind, I was able to run again.
However, when I try to call a function in the page (by
passing an url parameter) that uses a SQL Server database,
I get some kind of security exception:
[InvalidOperationException: Computer name could not be
obtained.]
System.Environment.get_MachineName() +155
System.Data.SqlClient.SqlConnectionString.MachineName () +167

System.Data.SqlClient.SqlConnectionString.WorkStationId () +27

System.Data.SqlClient.SqlConnectionString.CheckSetNetwor k()
+124

System.Data.SqlClient.SqlConnectionString.ValidateParse () +683
System.Data.Common.DBConnectionString..ctor(String
connectionString, UdlSupport checkForUdl) +144
System.Data.SqlClient.SqlConnectionString..ctor (String
connectionString) +13

System.Data.SqlClient.SqlConnectionString.ParseString (String
connectionString) +96

System.Data.SqlClient.SqlConnection.set_ConnectionString (String
value) +11
CIS.Data.Connection.set_ConnectionString(String Value)
CIS.Data.Connection..ctor(String connectString)
CIS.Data.Database..ctor(Object connectionstring)
webtrack.frmProTrack.DoLogin()
webtrack.frmProTrack.Page_Load(Object sender, EventArgs e)
System.Web.UI.Control.OnLoad(EventArgs e) +67
System.Web.UI.Control.LoadRecursive() +35
System.Web.UI.Page.ProcessRequestMain() +731
--------------------------------------------------------

-------------------

-----
Version Information: Microsoft .NET Framework
Version:1.1.4322.573; ASP.NET Version:1.1.4322.573
How do I change the security to make this work again? I
have the ASP.Net process impersonating a network login with
access to see the SQL Server machine, and login to SQL Server.
Thanks,
Mat

.

 

[Jim Cheshire [MSFT]]

Glad to know it's fixed, Mathew.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------

Content-Class: urn:content-classes:message
From: <[email protected]>
Sender: <[email protected]>
References: <[email protected]>

Subject: RE: ASP.Net security after SP4 on W2k Server
Date: Tue, 18 Nov 2003 13:02:47 -0800
Lines: 116
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcOuF1GBA2GnXGsQSj2Xmuqq1GUuHQ==
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:191818
NNTP-Posting-Host: TK2MSFTNGXA12 10.40.1.164
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

I was able to fix this by taking your advice.
In the domain controller, under the default policy, add
the desired users to the Enable Impersonatation setting.

This is probably why I wasn't able to compile before as
well.

-----Original Message-----
Mathew,

Does the process account (ASPNET by default) have the
SeImpersonatePrivilege (Impersontate a client after authentication) user
right? If not, you'll need to give it that right.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------

Content-Class: urn:content-classes:message
From: "Mathew" <[email protected]>
Sender: "Mathew" <[email protected]>
Subject: ASP.Net security after SP4 on W2k Server
Date: Mon, 17 Nov 2003 13:57:33 -0800
Lines: 60
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcOtVc35V6v4yNzNTribdBdO3IBgAA==
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:191531
NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

Hello:
I have an app that has been running for several months, but
after installing SP4 on the Win2k server, it would no
longer run.
First I had a TemplateControl parser exception when the
server tried to compile and run the ASPX page. (Which runs
fine on my workstation).
After stripping out everything from the page except the
line linking to the code behind, I was able to run again.
However, when I try to call a function in the page (by
passing an url parameter) that uses a SQL Server database,
I get some kind of security exception:
[InvalidOperationException: Computer name could not be
obtained.]
System.Environment.get_MachineName() +155
System.Data.SqlClient.SqlConnectionString.MachineName () +167

System.Data.SqlClient.SqlConnectionString.WorkStationId () +27

System.Data.SqlClient.SqlConnectionString.CheckSetNetwor k()
+124

System.Data.SqlClient.SqlConnectionString.ValidateParse () +683
System.Data.Common.DBConnectionString..ctor(String
connectionString, UdlSupport checkForUdl) +144
System.Data.SqlClient.SqlConnectionString..ctor (String
connectionString) +13

System.Data.SqlClient.SqlConnectionString.ParseString (String
connectionString) +96

System.Data.SqlClient.SqlConnection.set_ConnectionString (String
value) +11
CIS.Data.Connection.set_ConnectionString(String Value)
CIS.Data.Connection..ctor(String connectString)
CIS.Data.Database..ctor(Object connectionstring)
webtrack.frmProTrack.DoLogin()
webtrack.frmProTrack.Page_Load(Object sender, EventArgs e)
System.Web.UI.Control.OnLoad(EventArgs e) +67
System.Web.UI.Control.LoadRecursive() +35
System.Web.UI.Page.ProcessRequestMain() +731
--------------------------------------------------------

-------------------

-----
Version Information: Microsoft .NET Framework
Version:1.1.4322.573; ASP.NET Version:1.1.4322.573
How do I change the security to make this work again? I
have the ASP.Net process impersonating a network login with
access to see the SQL Server machine, and login to SQL Server.
Thanks,
Mat

.

 

[Matt Vording]

Based on the amount of virus spam in my spamcatcher, other people have
read or had this problem.

Here's a Microsoft support link that solved it:

BUG: IWAM Account Is Not Granted the Impersonate Privilege for ASP.NET
1.1 on a Windows 2000 Domain Controller with SP4
http://support.microsoft.com/default.aspx?kbid=824308