Microsoft KB Archive/323293: Difference between revisions
(importing KB archive) |
m (Text replacement - ">" to ">") |
||
(One intermediate revision by the same user not shown) | |||
Line 79: | Line 79: | ||
<ul> | <ul> | ||
<li>Disable impersonation for the whole ASP.NET Web application. This is the default setting.</li> | <li>Disable impersonation for the whole ASP.NET Web application. This is the default setting.</li> | ||
<li><p>Disable impersonation only for the particular .aspx page that does the Index Server search. To do this, add a | <li><p>Disable impersonation only for the particular .aspx page that does the Index Server search. To do this, add a <location> tag to the Web.config file as follows:</p> | ||
<pre class="codesample"> | <pre class="codesample"><location path="filename.aspx"> | ||
<system.web> | |||
<identity impersonate="false" /> | |||
</system.web> | |||
</location> | |||
</pre></li></ul> | </pre></li></ul> | ||
If these workarounds are not acceptable to you, you may change the security context under which the ASP.NET worker process runs to the SYSTEM account. However, Microsoft does not recommend that you set the security context of the ASP.NET worker process to the SYSTEM account because the SYSTEM account is a highly privileged Administrator account on the Web server computer. Use this workaround ''only'' if none of the other workarounds are acceptable to you.<br /> | If these workarounds are not acceptable to you, you may change the security context under which the ASP.NET worker process runs to the SYSTEM account. However, Microsoft does not recommend that you set the security context of the ASP.NET worker process to the SYSTEM account because the SYSTEM account is a highly privileged Administrator account on the Web server computer. Use this workaround ''only'' if none of the other workarounds are acceptable to you.<br /> | ||
<br /> | <br /> | ||
To change the security context under which the ASP.NET worker process runs, set the '''userName''' attribute to '''SYSTEM''', and then set the '''Password''' attribute to '''autogenerate''' in the ''' | To change the security context under which the ASP.NET worker process runs, set the '''userName''' attribute to '''SYSTEM''', and then set the '''Password''' attribute to '''autogenerate''' in the '''<processModel>''' section of the Machine.config file. The Machine.config file is located in the C:\<code>Windows Directory</code>\Microsoft.Net\Framework\v1.0.3705\Config folder. | ||
</div> | </div> | ||
Line 109: | Line 109: | ||
<li>Create an ASP.NET Web application.</li> | <li>Create an ASP.NET Web application.</li> | ||
<li><p>Add the following code in the HTML of an .aspx page:</p> | <li><p>Add the following code in the HTML of an .aspx page:</p> | ||
<pre class="codesample"> | <pre class="codesample"><%@ Page language="c#" %> | ||
<% | |||
System.Data.OleDb.OleDbConnection conn = new System.Data.OleDb.OleDbConnection("provider=msidxs;"); | System.Data.OleDb.OleDbConnection conn = new System.Data.OleDb.OleDbConnection("provider=msidxs;"); | ||
Line 122: | Line 122: | ||
da.Fill(ds, "SearchResults"); | da.Fill(ds, "SearchResults"); | ||
Response.Write("Search Results: | Response.Write("Search Results: <br>"); | ||
for (int i = 0; i | for (int i = 0; i < ds.Tables[0].Rows.Count; i++) | ||
{ | { | ||
Response.Write(" | Response.Write("<br>" + ds.Tables[0].Rows[i]["vpath"].ToString()); | ||
} | } | ||
% | %> | ||
</pre></li> | </pre></li> | ||
<li><p>Modify the Web.config file to enable impersonation as follows:</p> | <li><p>Modify the Web.config file to enable impersonation as follows:</p> | ||
<pre class="codesample"> | <pre class="codesample"><identity impersonate="true" /> | ||
</pre></li> | </pre></li> | ||
<li>Make sure that the security context under which the Aspnet_wp.exe worker process runs is the ASPNET account. To do this, set the '''userName''' attribute to '''machine''', and then set the '''Password''' attribute to '''autogenerate''' in the ''' | <li>Make sure that the security context under which the Aspnet_wp.exe worker process runs is the ASPNET account. To do this, set the '''userName''' attribute to '''machine''', and then set the '''Password''' attribute to '''autogenerate''' in the '''<processModel>''' section of the Machine.config file.<br /> | ||
<br /> | <br /> | ||
'''Note''' By default, the ASP.NET worker process is set to run under the security context of the restricted ASPNET account.</li> | '''Note''' By default, the ASP.NET worker process is set to run under the security context of the restricted ASPNET account.</li> |
Latest revision as of 10:18, 21 July 2020
Article ID: 323293
Article Last Modified on 7/5/2006
APPLIES TO
- Microsoft ASP.NET 1.0
- Microsoft Index Server 2.0
- Microsoft OLE DB Provider for Index Server 3.0
This article was previously published under Q323293
SYMPTOMS
When you search against Index Server through an ASP.NET page, you may receive the following error message:
This behavior is observed only if you enable impersonation for the ASP.NET Web application and if the security context under which the ASP.NET worker process (Aspnet_wp.exe) runs is the ASPNET account.
RESOLUTION
Service pack information
To resolve this problem, obtain the latest service pack for Microsoft Windows 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to obtain the latest Windows 2000 service pack
WORKAROUND
Use one of the following methods to work around this problem:
- Disable impersonation for the whole ASP.NET Web application. This is the default setting.
Disable impersonation only for the particular .aspx page that does the Index Server search. To do this, add a <location> tag to the Web.config file as follows:
<location path="filename.aspx"> <system.web> <identity impersonate="false" /> </system.web> </location>
If these workarounds are not acceptable to you, you may change the security context under which the ASP.NET worker process runs to the SYSTEM account. However, Microsoft does not recommend that you set the security context of the ASP.NET worker process to the SYSTEM account because the SYSTEM account is a highly privileged Administrator account on the Web server computer. Use this workaround only if none of the other workarounds are acceptable to you.
To change the security context under which the ASP.NET worker process runs, set the userName attribute to SYSTEM, and then set the Password attribute to autogenerate in the <processModel> section of the Machine.config file. The Machine.config file is located in the C:\Windows Directory
\Microsoft.Net\Framework\v1.0.3705\Config folder.
STATUS
Microsoft has confirmed that this is a bug in the Microsoft products that are listed in the "Applies to" section. This bug was corrected in ASP.NET (included with the .NET Framework) 1.1. Microsoft has confirmed that this is a problem in Microsoft Windows 2000. This problem was first corrected in Microsoft Windows 2000 Service Pack 4.
MORE INFORMATION
Steps to Reproduce the Behavior
- Start Microsoft Visual Studio .NET.
- Create an ASP.NET Web application.
Add the following code in the HTML of an .aspx page:
<%@ Page language="c#" %> <% System.Data.OleDb.OleDbConnection conn = new System.Data.OleDb.OleDbConnection("provider=msidxs;"); conn.Open(); string Sql = "Select DocTitle, vpath, characterization, rank from Scope(' DEEP TRAVERSAL OF \"C:\\\" ') where FREETEXT(' \"ticket\" ') order by rank desc"; System.Data.OleDb.OleDbDataAdapter da = new System.Data.OleDb.OleDbDataAdapter(Sql, conn); System.Data.DataSet ds = new System.Data.DataSet(); da.Fill(ds, "SearchResults"); Response.Write("Search Results: <br>"); for (int i = 0; i < ds.Tables[0].Rows.Count; i++) { Response.Write("<br>" + ds.Tables[0].Rows[i]["vpath"].ToString()); } %>
Modify the Web.config file to enable impersonation as follows:
<identity impersonate="true" />
- Make sure that the security context under which the Aspnet_wp.exe worker process runs is the ASPNET account. To do this, set the userName attribute to machine, and then set the Password attribute to autogenerate in the <processModel> section of the Machine.config file.
Note By default, the ASP.NET worker process is set to run under the security context of the restricted ASPNET account. - Start the Indexing Service on your computer.
- Build the application, and then open the .aspx page in your browser. Notice that you receive the error message that is listed in the "Symptoms" section.
REFERENCES
For more information about impersonation in ASP.NET, click the following article number to view the article in the Microsoft Knowledge Base:
306158 How to implement impersonation in an ASP.NET application
For more information about the ASP.NET worker process identity, click the following article number to view the article in the Microsoft Knowledge Base:
317012 Process and request identity in ASP.NET
Keywords: kbhotfixserver kbqfe kbwin2ksp4fix kbother kbfix kbbug kbconfig kbnofix kbsecurity KB323293