I am using identity impersonation in one of my ASP.NET projects, and this error popped up today (back from vacation all of 1 hour--it figures).
Parser Error Message: Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'A required privilege is not held by the client. '
Source Error:
Line 7: <customErrors mode="Off" />
Line 8: <authentication mode="Windows" />
Line 9: <identity impersonate="true"
Line 10: userName="registry:HKLM\SOFTWARE\munge\identity\ASPNET_SETREG,userName"
Line 11: password="registry:HKLM\SOFTWARE\munge\identity\ASPNET_SETREG,password" /> |
This error occured on both the production and development machine. The credentials were stored in the registry using the aspnet_setreg.exe tool, and I knew this app worked when I left. Google turned up all sorts of information on how if you're using the 1.0 Framework, you had to grant the user “Run as part of operating system” permissions, but this wasn't necessary if you were using the 1.1 Framework (I am using 1.1). Since I hadn't set this permission in the past anyway, I had a hard time figuring out why this was necessary now.
The answer turned out to be something simple. This application uses a domain user account to log on to SQL server and for file system access. The user account was created specifically for this application in our AD structure, and the option “password never expires” had not been checked. I found this out by attempting to log on to my dev machine as the user. Once the network admin checked the option, we were good to go.
Take home message: look at the easy stuff before you go changing all sorts of permissions, check the easy stuff.
Steven Smith has safely returned, and is starting to set up his new Alienware laptop. According to Pat Santry in a post made on the same day, Alienware uses DotNetNuke for its website.
Anyhow, welcome home Steven, and thanks.