Hi, I'm wondering if someone could shed some light on what seems to be very unusual behaviour with ASP.NET. This has been driving me nuts for days...
I've setup windows authentication and impersonation in my web.config file. I'm using Keith Brown's utility [1] to confirm that impersonation is working correctly. The local ASPNET user owns the process token; my user owns the thread token. I've written my own VB COM component that calls the same Win32 function that Keith's component uses - OpenThreadToken(). Keith's code continues on to pump the token for more information; my code uses it to call AccessCheck. This is my problem: while Keith's code works fine, my code returns with an error from OpenThreadToken - 1008 (ERROR_NO_TOKEN). I've tried both from IIS4/ASP and both my VB component and Keith's code work properly. Why doesn't my thread have an impersonation token if another component doing the same thing does? I can only guess that it has something to do with VB COM components, but I'm at a loss as to what that might be. This is keeping me up at night... any help is much appreciated. Thanks, Jeff [1] http://msdn.microsoft.com/msdnmag/issues/01/11/security/security0111.asp You can read messages from the DOTNET archive, unsubscribe from DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
