Impersonation, ASP.NET and IS via OLEDB

Hi,

I've been battling the problem of performing an Index Server search via
OLEDB from ASP.NET whilst impersonating the end-user (windows auth) for quite
a while.

I've had it working on Win2K for the last 8 months, using programatic rather
than declarative impersonation, but could never get it going on WinXP Pro.
MSFT (Wen-Jun Zhang) confirmed back in August 04 that this had been listed as
a bug *and* that Windows Server 2003 wasn't affected.

I've just migrated our application to Win2K3 and found that I'm getting
exactly the same error as XP Pro produces.

To re-cap, I get an "Access Denied" message from the OLEDB provider whenever
I perform a search whilst impersonating the end-user and having previously
run a SET command to alias a custom property (from an HTML meta-tag).

I have a simple web form that reproduces the error for me if that's of to
anyone.

I've run regmon and filemon and can't see anything obvious + I've truned on
quite a bit of security auditing and don't see any failure audits.

One small bit of progress was that when I configured the app pool to run as
LocalSystem, the error went away. Unfortunately, running our application as
LocalSystem is not acceptable.

I'd appreciate info from anyone at MSFT regarding whether or not the bug has
been fixed, and if so whether a patch is available.

I'd welcome any help/advice from anyone else on working this out....

cheers,
Matt Thurlow


.