impersonation fails on production machine

  • Thread starter Thread starter Seth Darr
  • Start date Start date
S

Seth Darr

OK I am at my wits end and I hope that someone can help me. I've got an
ASP.NET web app that generates dynamic excel spreadsheets via COM. It
does this work in a seperate subdirectory called "reports" and uses
impersonation of the ReportWriter account in its own Web.config file in
that directory.

ReportWriter is an account on the machine in the Administrator group,
yet I get the following error when I try and even visit the first page
in that directory (NOT when I try to first create a spreadsheet):

Server Error in '/subsurv' Application.
--------------------------------------------------------------------------------

Configuration Error
Description: An error occurred during the processing of a configuration
file required to service this request. Please review the specific error
details below and modify your configuration file appropriately.

Parser Error Message: Could not create Windows user token from the
credentials specified in the config file. Error from the operating
system 'A required privilege is not held by the client. '

Source Error:


Line 4: <system.web>
Line 5:
Line 6: <identity impersonate="true" userName="ReportWriter"
password="blahblahblah" />
Line 7: <customErrors mode="Off" />
Line 8: </system.web>


Source File: C:\Inetpub\wwwroot\subsurv\reports\web.config Line: 6


--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:1.0.3705.6018;
ASP.NET Version:1.0.3705.6018



The most aggrevating part is that it works just great on my development
machine. I have tried matching all IIS and user/group settings as
closely as possible. I have the same version of the .NET Framework on
both machines (1.0 SP3). I have tried uninstalling and reinstalling the
..NET Framework,
deleting and recreating the ReportWriter account. It doesn't seem to
want to impersonate ANY account, actually, it gets the same error. I
have added shares up the wazoo and probably a million
other stabs in the dark, to no effect.

Does anyone have any suggestions?! I'm relatively new to the .NET world,
but I think I've run out of ideas. Upgrading to the 1.1 Framework is
not an option at this point as I am still presently using VS Studio .NET
2002 and some initially testing on the 1.1 exposed some new bugs that I
don't want to address until I upgrade to VS .NET 2003.

HEEEELLPPP!!! Thanks in advance. If anyone needs to see any code or
whatnot I'll post it, but it doesn't seem to me to be a issue with my
code. My development machine is XP Pro, target machine is 2000 Server.

-Seth
 
I dont believe its complaining about ReportWriter. Instead, its complaining
about ASPNET account used to run the ASP.NET application. I think it needs
SeImpersonatePrivilege privilege to do what you are trying to do.

To do this, follow these steps:
1.. Click Start, point to Programs, point to Administrative Tools, and
then click Local Security Policy.
2.. Expand Local Policies, and then click User Rights Assignment.
3.. In the right pane, double-click Impersonate a client after
authentication.
4.. In the Local Security Policy Setting dialog box, click Add.
5.. In the Select Users or Group dialog box, click the user account that
you want to add, click Add, and then click OK.
6.. Click OK.
HTH,
 
Didn't solve it. the ASPNET account was already there under that
privilege. I added ReportWriter there and it had no effect.
Incidentally I have also tried adding ASPNET to the Administrator
group to no effect. Any other ideas?
 
Back
Top