To answer my own question here, for the archives:

Setting aspcompat=true in the @page directive seems to fix the problem.
I'm going to assume that creating the STA component in the ASP.NET MTA
somehow caused it to lose the impersonation token.  I'd be interested in
a more detailed explanation as to why that would happen, if anyone has
one.

Also - perhaps someone can tell me why the runtime didn't raise an error
as the documentation suggests should happen?  I created a VB component,
compiled it, and referenced it directly in ASP.NET.  According to what
I've read, referencing an STA component from .NET without aspcompat set
to true should raise an exception.

In my case, it didn't.

Jeff

-----Original Message-----
From: Jeff Dunmall 
Sent: April 27, 2002 4:48 PM
To: '[EMAIL PROTECTED]'
Subject: Impersonation, COM and ASP.NET

Hi,

I'm wondering if someone could shed some light on what seems to be very
unusual behaviour with ASP.NET.  This has been driving me nuts for
days...

I've set up Windows authentication and impersonation in my web.config
file.  I'm using Keith Brown's utility [1] to confirm that impersonation
is working correctly.  The local ASPNET user owns the process token; my
user owns the thread token.

I've written my own VB COM component that calls the same Win32 function
that Keith's component uses - OpenThreadToken().  Keith's code continues
on to pump the token for more information; my code uses it to call
AccessCheck.

This is my problem:  while Keith's code works fine, my code returns with
an error from OpenThreadToken - 1008 (ERROR_NO_TOKEN).

I've tried both from IIS4/ASP and both my VB component and Keith's code
work properly.

Why doesn't my thread have an impersonation token if another component
doing the same thing does?  I can only guess that it has something to do
with VB COM components, but I'm at a loss as to what that might be.

This is keeping me up at night... any help is much appreciated.

Thanks,

Jeff

[1]
http://msdn.microsoft.com/msdnmag/issues/01/11/security/security0111.asp
