PRB: Per Request Impersonation Does Not Work on Windows 2000 with ASP.NET (810204)
The information in this article applies to:
- Microsoft ASP.NET (included with the .NET Framework) 1.0, when used with:
- the operating system: Microsoft Windows 2000
SYMPTOMSWhen an ASP.NET application impersonates a specific user by
providing credentials as specified in the Web.config configuration file, you
receive the following error message in Windows 2000:
Server Error in '/WebApplication2' Application Configuration
Error Description: An error occurred during the processing of a
configuration file required to service this request. Please review the specific
error details below and modify your configuration file
appropriately. Parser Error Message: Could not create Windows user
token from the credentials specified in the config file. Error from the
operating system 'A required privilege is not held by the client.' Source
Error:
Line 21: <!-- Impersonating
Line 22: -->
Line 23: <identity impersonate="true" userName="username" password="password"/>
Line 24:
Line 25:
Source File: c:\inetpub\wwwroot\WebApplication2\web.config Line:
23 Version Information: Microsoft .NET Framework Version:1.0.3705.0;
ASP.NET Version:1.0.3705.0 CAUSEThis error occurs when you enable impersonation for a
specific user identity. ASP.NET tries to generate an access token by calling
the LogonUser Win32 API .To call LogonUser in Windows 2000, the process owner must have the SE_TCB_NAME (To
Act as Part of the Operating System) user right. The ASPNET account has the
least user rights and does not possess the SE_TCB_NAME user right.
STATUS This
behavior is by design.REFERENCES For additional information, click the
following article numbers to view the articles in the Microsoft Knowledge Base:
329290
HOW TO: Use the ASP.NET Utility to Encrypt Credentials and Session State Connection Strings
306158 INFO:
Implementing Impersonation in an ASP.NET Application
Modification Type: | Minor | Last Reviewed: | 7/11/2005 |
---|
Keywords: | kbSecurity kbprb KB810204 kbAudDeveloper |
---|
|