Re: Global.asax not allowing identity impersonation?

From: "bruce barker \(sqlwork.com\)" <b_r_u_c_e_removeunderscores@xxxxxxxxxxx>
Date: Tue, 27 Jun 2006 12:37:08 -0700

When you set Identity Impersonate=true, this means impersonate during the
request processing. Processing in global.asax is generally outside the
request processing. If you are on server 2003, you should use an application
pool, with identity with access to the serverserver. you could also specify
the account/password in the web.config (use the encrypted registry support).

-- bruce (sqlwork.com)

"Doug" <spamworks@xxxxxxxxx> wrote in message
news:1151435440.537157.176420@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Visual Studio 2005, SQL Server 2000, ASP.NET/VB.NET

Not allowed to use the ASPNET machine account in SQL Server (very
strict environment).

Need to use Windows authentication, so we use "Identity
Impersonate=true" in the web.config file.

Trying to implement a system-wide error trapping mechanism. Nothing
fancy, just writing to a log file. The recommended procedure was to
define "CustomErrors=On" in web.config and manually add a "Global.asax"
file to the solution that included code in the "Application_Error"
section to handle the error.

This worked fine on the development box, but when moved over to the
test environment (the one *without* the ASPNET user account), it fails
with the error listed at the bottom of this post.

Is it because the "Global.asax" file is compiled and the ASPNET user
account is the one that performs those tasks? But what about "Identity
Impersonate"? Is it being overridden? Has the impersonation not taken
place yet? (Again, there is no fancy code in Global.asax; I even
removed all code that I had added and had the same result:

"Error [28000] [Microsoft][ODBC SQL Server Driver][SQL Server]Login
failed for user '<machine-name>\ASPNET'"

(If you wish, you may refer to a prior, related thread located here:
http://groups.google.com/group/microsoft.public.dotnet.framework.aspnet/browse_frm/thread/fd7291cddea9e3a4/efed08acd2d6fc85?
)

Please help. Thank you.

Follow-Ups:
- Re: Global.asax not allowing identity impersonation?
  - From: Doug
- Re: Global.asax not allowing identity impersonation?
  - From: Doug

References:
- Global.asax not allowing identity impersonation?
  - From: Doug

Prev by Date: Re: DropDownListBox: I want to 'limit to list'
Next by Date: Re: Is there anyway to detect a F5-Refresh
Previous by thread: Global.asax not allowing identity impersonation?
Next by thread: Re: Global.asax not allowing identity impersonation?
Index(es):
- Date
- Thread

Relevant Pages

Re: Sql Reporting Serviced - > ASP.NET ACCESS DENIED!
... The account you are logging in to when on the server doesn't have the ... do you have <Impersonate> set to True? ... > Exception Details: System.UnauthorizedAccessException: Access to the path ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Kerberos protocol transition is not working over DCOM
... can see the COM+ component's constructor being called on the server side. ... I haven't yet tried with a normal account. ... The account calling LsaLogonUser is service1 and it has the above six ... user1 is the account I'm trying to impersonate. ...
(microsoft.public.platformsdk.security)
Re: security on the web.config file
... the reason I use the impersonate is the web site will allow ... different network shares on multiple servers so the impersonated account has ... the .config file can only we accessed from the server ...
(microsoft.public.dotnet.framework.aspnet)
Re: Win2000 Impersonation weirdness? (or is it a conundrum?)
... Is the server joined to a domain? ... priveleges to impersonate in a domain. ... The privilege need not be ... > default as an unprivileged account ...
(microsoft.public.security)
Re: Win2000 Impersonation weirdness? (or is it a conundrum?)
... Is the server joined to a domain? ... priveleges to impersonate in a domain. ... The privilege need not be ... > default as an unprivileged account ...
(microsoft.public.win2000.security)