Wimdows.NET

Wim's .NET blog

ASP.NET Impersonation on Windows 2000 - update

A while ago, I posted about some problems I ran into when using ASP.NET code impersonation on a Windows 2000 Server (SP4). We even logged a Microsoft Support call for it.

Anyway, as with most time consuming issues, it turned out there was a very simple solution. As it states in the Knowlegde Base article, the local ASPNET account should be granted the 'Act as part of the operating system' privilege (this does not seem to be required on Windows Server 2003). The KB article 306158 forgets to add that this will require an IIS reset for it to have effect.

Logical if you think about it maybe...in hindsight.

Posted: Jul 12 2004, 11:45 AM by Wim | with 4 comment(s)
Filed under: ,

Comments

David Cumps said:

I'll have to face this issue as well in the future, do you have any info on the security aspect of granting ASPNET that privilege?
# July 12, 2004 10:43 AM

Wim said:

More info can be found here:

http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/525.asp

It can be a security risk, but IMHO only in combination with other high-level privileges as 'Log on Locally' etc. The ASPNET account is pretty much a low-privileged account by default.
# July 12, 2004 11:07 AM

David said:

Hi,

How do I make ASPNET account to "Act as part of the operating system"?...

Thanks.

# October 18, 2007 2:46 PM

Running ReportViewer Control on Windows 2000 : BCE Solutions said:

Pingback from  Running ReportViewer Control on Windows 2000 : BCE Solutions

# April 30, 2008 5:25 PM
Leave a Comment

(required) 

(required) 

(optional)

(required)