"Error While Trying to Run Project" Error Message Occurs When You Debug a Web Application in Visual Studio .NET (821255)


The information in this article applies to:

  • Microsoft Windows 2000 Server SP4
  • Microsoft Windows 2000 Advanced Server SP4
  • Microsoft Windows 2000 Professional SP4

SYMPTOMS

When you create a Web application in Microsoft Visual Studio .NET and then press F5 to debug the application, you may receive the following error message:
Error while trying to run project: Unable to start debugging on the Web server. Access is denied.
Would you like to disable future attempts to debug ASP.NET pages for this project?

CAUSE

This issue occurs if the account that is used to run the ASP.NET Worker process (by default, the ASPNET user account) is not assigned the "Impersonate a client after authentication" user right in the Local Security Policy settings. This issue may occur when you install Microsoft Visual Studio .NET after you install Windows 2000 Service Pack 4 (SP4) on the computer. In this situation, the ASPNET account is not assigned the "Impersonate a client after authentication" user right in the Local Security Policy settings.

The "Impersonate a client after authentication" user right (also named SeImpersonatePrivilege) is a new Windows 2000 security setting that was first included in Windows 2000 SP4. For more information about the new security settings introduced in Windows 2000 SP4, including the "Impersonate a client after authentication" user right, see the "More Information" section later in this article.

WORKAROUND

To work around this issue, assign the "Impersonate a client after authentication" user right to the ASPNET account in the Local Security Policy settings:
  1. Click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.
  2. Double-click Local Policies, and then click User Rights Assignment.
  3. In the right pane, double-click Impersonate a client after authentication.
  4. In the Local Security Policy Setting dialog box, click Add.
  5. In the Select Users or Group dialog box, click ASPNET, click Add, and then click OK.
  6. Click OK.

MORE INFORMATION

The "Impersonate a client after authentication" user right (also named SeImpersonatePrivilege) helps to increase security in Windows 2000. (This user right was first included in Windows 2000 SP4.) This security setting helps to prevent unauthorized servers from impersonating clients that connect to it through methods such as remote procedure calls (RPC) or named pipes. For additional information about the security settings that are introduced in Windows 2000 SP4, including the "Impersonate a client after authentication" user right, click the following article number to view the article in the Microsoft Knowledge Base:

821546 Overview of the "Impersonate a Client After Authentication" and the "Create Global Object" Security Settings

For additional information about how to obtain the latest service pack for Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

For additional information about how to assign user rights in Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base:

220019 HOW TO: Set User Rights in Windows 2000

Modification Type:MajorLast Reviewed:6/20/2003
Keywords:kbnofix kbBug KB821255 kbAudEndUser kbAudITPRO kbAudOEM kbAudDeveloper
©2003 Microsoft Corporation. All rights reserved.