Microsoft KB Archive/821255

= &quot;Error While Trying to Run Project&quot; Error Message Occurs When You Debug a Web Application in Visual Studio .NET =

Article ID: 821255

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Windows 2000 Service Pack 4
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition

-





SYMPTOMS
When you create a Web application in Microsoft Visual Studio .NET and then press F5 to debug the application, you may receive the following error message:

Error while trying to run project: Unable to start debugging on the Web server. Access is denied.

Would you like to disable future attempts to debug ASP.NET pages for this project?



CAUSE
This issue occurs if the account that is used to run the ASP.NET Worker process (by default, the ASPNET user account) is not assigned the &quot;Impersonate a client after authentication&quot; user right in the Local Security Policy settings. This issue may occur when you install Microsoft Visual Studio .NET after you install Windows 2000 Service Pack 4 (SP4) on the computer. In this situation, the ASPNET account is not assigned the &quot;Impersonate a client after authentication&quot; user right in the Local Security Policy settings.

The &quot;Impersonate a client after authentication&quot; user right (also named SeImpersonatePrivilege) is a new Windows 2000 security setting that was first included in Windows 2000 SP4. For more information about the new security settings introduced in Windows 2000 SP4, including the &quot;Impersonate a client after authentication&quot; user right, see the &quot;More Information&quot; section later in this article.



WORKAROUND
To work around this issue, assign the &quot;Impersonate a client after authentication&quot; user right to the ASPNET account in the Local Security Policy settings:
 * 1) Click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.
 * 2) Double-click Local Policies, and then click User Rights Assignment.
 * 3) In the right pane, double-click Impersonate a client after authentication.
 * 4) In the Local Security Policy Setting dialog box, click Add.
 * 5) In the Select Users or Group dialog box, click ASPNET, click Add, and then click OK.
 * 6) Click OK.



MORE INFORMATION
The &quot;Impersonate a client after authentication&quot; user right (also named SeImpersonatePrivilege) helps to increase security in Windows 2000. (This user right was first included in Windows 2000 SP4.) This security setting helps to prevent unauthorized servers from impersonating clients that connect to it through methods such as remote procedure calls (RPC) or named pipes. For additional information about the security settings that are introduced in Windows 2000 SP4, including the &quot;Impersonate a client after authentication&quot; user right, click the following article number to view the article in the Microsoft Knowledge Base:

821546 Overview of the &quot;Impersonate a Client After Authentication&quot; and the &quot;Create Global Object&quot; Security Settings

For additional information about how to obtain the latest service pack for Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

For additional information about how to assign user rights in Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base:

220019 HOW TO: Set User Rights in Windows 2000

Keywords: kbnofix kbbug KB821255

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.