Q282189: ASP Error When Calling OOP Component with Delegation Security
Article: Q282189
Product(s): Internet Information Server
Version(s): 5.0
Operating System(s):
Keyword(s): kbCOMIS kbWin2000sp3fix
Last Modified: 15-AUG-2002
-------------------------------------------------------------------------------
The information in this article applies to:
- Microsoft Internet Information Server version 5.0
-------------------------------------------------------------------------------
SYMPTOMS
========
If the Web site application has been configured for Delegation security in the
Component Services management tool, and the Web site is configured for Basic
authentication, you may receive the following error message when you try to call
or create an out-of-process component that is on the same computer as Internet
Information Server (IIS):
Error Type: Server object, ASP 0177 (0x800706D5) 800706d5
/page.asp, line 3
NOTE: Error 0x800706D5 is "The security context is invalid".
CAUSE
=====
The user token that is generated from Basic authentication has the
SecurityImpersonation impersonation level instead of the SecurityDelegation
impersonation level.
WORKAROUND
==========
Use Integrated Security (using Kerberos).
RESOLUTION
==========
To resolve this problem, obtain the latest service pack for Windows 2000. For
additional information, click the following article number to view the article
in the Microsoft Knowledge Base:
Q260910 How to Obtain the Latest Windows 2000 Service Pack
The English version of this fix should have the following file attributes or
later:
Date Time Version Size File name
-----------------------------------------------------------------
5/31/2001 03:31p 5.0.2195.3649 332,560 Asp.dll
5/31/2001 03:31p 5.0.2195.3649 13,584 Infoadmn.dll
5/31/2001 03:31p 5.0.2195.3649 245,520 Infocomm.dll
5/31/2001 03:31p 5.0.2195.3649 62,736 Isatq.dll
5/31/2001 03:32p 5.0.2195.3649 7,440 W3ctrs.dll
STATUS
======
Microsoft has confirmed that this is a problem in the Microsoft products that
are listed at the beginning of this article. This problem was first corrected in
Windows 2000 Service Pack 3.
MORE INFORMATION
================
This fix corrects this problem by using the DuplicateTokenEx function to modify
the token's impersonation level to SecurityDelegation.
Additional query words: kbIISCom
======================================================================
Keywords : kbCOMIS kbWin2000sp3fix
Technology : kbiisSearch kbiis500
Version : :5.0
Hardware : ALPHA x86
Issue type : kbbug
Solution Type : kbfix
=============================================================================
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
Copyright Microsoft Corporation 1986-2002.