Interesting... thanks for the explanation. I'm still curious about the technical explanation for this though. Why would a STA COM object not have access to the impersonation token if it's created in ASP.NET without aspcompat=true?
Wouldn't this also imply that in addition to bad performance and potential runtime errors, calling STA COM components from .NET with aspcompat not set and impersonation enabled will result in the incorrect security context being used by the STA component? Jeff -----Original Message----- From: Scott Guthrie [mailto:[EMAIL PROTECTED]] Sent: April 28, 2002 11:45 PM To: [EMAIL PROTECTED] Subject: Re: Impersonation, COM and ASP.NET The exception is only raised if you create the COM component using the Server.CreateObject(progid) method. =20 If you create a COM wrapper and new the object directly -- then there is no way for ASP.Net to intercept the call and fail if aspcompat hasn't been set. Hope this helps, Scott P.S. A general rule -- if you are using an VB6 or STA COM component within a page -- always set aspcompat=3Dtrue. If you don't you will suffer really bad perf, and potentially run into runtime errors. You can read messages from the DOTNET archive, unsubscribe from DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
