Framework 4.5 Auto-Upgrade Breaks Impersonation in 4.0 ASP.Net App RRS feed

  • Question

  • All:

    We have a .net 4.0 (VS2010) web service that, among other things, calls into a Component Services (aka "COM+") stand-alone component running on the same server as the web service.  For legacy security reasons, the COM+ component requires the identity of the original caller, not the identity of the IIS worker process hosting the web service.  Thus, in our web method we make a WindowsIdentity.Impersonate call.  This has works fine for years.  However, recently we discovered Windows Update replaced the Microsoft .Net 4 Framework with the .Net Framework 4.5 (or 4.5.1, or 4.5.2 variants) version and our app immediately stopped working.  Some investigation within the COM+ component revealed incoming identity was that of the IIS worker process, not the original caller.  In other words, impersonation from IIS no longer seemed to work.  An uninstall of the 4.5 Framework, with a subsequent reinstall of the 4.0 Framework redist (and reconfiguring our App Pool to used the 4.0 framework) solved the problem.  We were able to repro this problem repeatedly on the same server as well as in several separate test environments.  Our Server OS is Windows Server 2008 R2.

    Any ideas?  Anyone else experienced this problem?



    Bill Davidson

    Monday, June 23, 2014 9:30 PM

All replies