Article ID: 827559
Article Last Modified on 4/19/2007
APPLIES TO
- Microsoft ASP.NET 1.1
- Microsoft Windows 2000 Service Pack 4
SYMPTOMS
When you try to debug a Microsoft ASP.NET Web Application on a computer that is running Microsoft Windows 2000 Server domain controller with Service Pack 4 (SP4) installed, you may receive the following error message:
CAUSE
This problem occurs when the account that is used to run the ASP.NET Worker process (by default, this is the IWAM user account on the domain controller) is not assigned with the "Impersonate a client after authentication" user right in the local security policy. This problem may occur when you install Windows 2000 SP4, and then install Microsoft Visual Studio .NET. In this situation, the IWAM account is not granted the "Impersonate a client after authentication" user right in the local security policy.
The "Impersonate a client after authentication" user right (also named SeImpersonatePrivilege) is a new Microsoft Windows 2000 security setting that was first included in Microsoft Windows 2000 SP4.
WORKAROUND
To work around the problem, manually assign the "Impersonate a client after authentication" user right to the IWAM account. To do this, follow these steps:
- Click Start, point to Programs, point to Administrative Tools, and then click Domain Controller Security Policy.
- Click Security Settings.
- Click Local Policies, and then click User Rights Assignment.
- In the right pane, double-click Impersonate a client after authentication.
- In the Security Policy Setting window, click Define these policy settings.
- Click Add, and then click Browse.
- In the Select Users or Groups window, select the IWAM account name, click Add, and then click OK.
- Click OK two times.
- To enforce an update of the computer policy, type the following command at a command prompt, and then press ENTER:
secedit /refreshpolicy machine_policy /enforce
- At the command prompt, type iisreset, and then press ENTER.
STATUS
This behavior is by design.
MORE INFORMATION
Steps to Reproduce the Behavior
Install Service Pack 4
To download and install Windows 2000 SP4, visit the following Microsoft Web site:
Create a New ASP.NET Web Application
- In Visual Studio .NET, use Microsoft Visual Basic .NET or Microsoft Visual C# .NET to create a new ASP.NET Web Application project. By default, WebForm1.aspx is created.
- Right-click WebForm1.aspx, and then click View Code to open the code behind file.
Replace the existing code of the Page_Load event with the following code:
Visual C#.NETprivate void Page_Load(object sender, System.EventArgs e) { Response.Write("Debug Break point"); }
Visual Basic.NET
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load Response.Write("Debug Break") End Sub
- On the Build menu, click Build Solution.
Debug the Application
- Set a break point in the code of the Page_Load event.
- To debug the application, click Start on the Debug menu in Visual Studio .NET.
REFERENCES
For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
824308 BUG: IWAM Account Is Not Granted the Impersonate Privilege for ASP.NET 1.1 on a Windows 2000 Domain Controller with SP4
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
821255 "Error While Trying to Run Project" Error Message Occurs When You Debug a Web Application in Visual Studio .NET
For more information about ASP.NET Impersonation, visit the following Microsoft Developer Network (MSDN) Web site:
Keywords: kbprb kbsecurity kbconfig kbdomain KB827559