[AccessD] ASP and Access Problem

Jim Hewson JHewson at karta.com
Wed Mar 5 11:44:01 CST 2003 

No blue here either -- what was I thinking?

Thanks, I'll check it out.

Jim

-----Original Message-----
From: Drew Wutka [mailto:DWUTKA at marlow.com]
Sent: Wednesday, March 05, 2003 10:22 AM
To: accessd at databaseadvisors.com
Subject: RE: [AccessD] ASP and Access Problem


Jim, first...no blue! <VBG>

I would look into the security first.  Actually, scratch that.  I would set
the IIS settings to show more detailed ASP error messages.  You can get
error messages that will actually pinpoint the problem.

I personally use VB .dll's to do most of the work, so my ASP looks like this
usually:

Dim sc
Dim Resp
Set sc=server.createobject("MyDLL.SomeClass
sc.SomeProperty=SomeValue
Resp=sc.GetData
If Resp="Done" then
	'do something with the classes properties, which have now been set
by the GetData procedure
Else
	Response.write "The following error occurred on the server:<br><br>"
& resp
End if
Set sc=nothing

That way, if something went wrong with the GetData process (which is where
99.9% of the problems are going to occur), the ASP is going to write out to
the user the error message.  That means the IIS server isn't getting the
error, just the .dll.

Now, when I first started with ASP, one of the big hurdles I had to tackle
was understanding how IIS security works.  When I started making mdb driven
ASP pages, I ran into problems where my code kept telling me it couldn't
find the .mdb file.  It made no sense, until I figured out the security
issue.

Here's the deal. There are FOUR security options for a web page (each page
can have it's own set of options).  4 user settings (You can also include IP
security, and SSL....not going to get into those....these do not affect how
you interact with an .mdb).

The first setting is 'Anonymous Access', which from what you say, you are
not using.  But the way Anonymous Access works is you give the IIS server an
NT Account in which to 'act as', and when a user gets a web page with that
access, they are 'acting' like the Anonymous Account. So if you have the
Anonymous Access setup to use an account that doesn't have access to a
particular file, pages that need that file are going to fail, because the
anonymous account doesn't have the right access.

The next is Plain Text Passwords.  This option prompts the user to log on.
It sends the password across the lines as plain text though, so it's not
very 'secure'.  However, this option is exactly the same as the Anonymous
Access, in that whenever a user logs in, their 'credentials' are used for
whatever access is required for the page (or the ASP that is working behind
the page).

The next one is the kicker...and it could very likely be your issue.  It's
Windows Integrated Security.  It too prompts for a logon, however, it works
similar to a normal Workstation logon by not sending a plain text user and
password across the lines, instead, it sends an encrypted hash.  Here's the
problem with that.  This security option ONLY works locally on the IIS
Server.  You cannot access ANYTHING that is located off of the IIS Server.
That would include network databases, both .mdbs and Server Side dbs.  When
this security option is used, and you try to access a network resource, you
are going to get the 'database can't be found' message, simply because it
can't access it due to security, thus to Access/DAO/ADO, the file just
doesn't exist.  This can be pretty tricky, because even if you have an .mdb
on the local IIS machine, if you have a linked table to a network .mdb, it
is going to have problems when it hits that linked table.

The fourth option is a mixture of 2 and 3.  But it is only available when
the IIS server is running in an Active Directory environment.  I have that
setup at home, but haven't had any time to see what all it can do.

In conclusion, get the IIS server to give you a more complete error message,
and if it's an issue of 'finding' the database, take a look at your security
settings in combination of where your 'resources' are actually located.

Drew


-----Original Message-----
From: Jim Hewson [mailto:JHewson at karta.com]
Sent: Wednesday, March 05, 2003 8:13 AM
To: 'accessd at databaseadvisors.com'
Subject: RE: [AccessD] ASP and Access Problem


Thanks Drew for responding.
Answers below in Blue.
Jim

--Snip--
Okay, am I to understand that the Access FE is working fine, but the ASP FE
is having problems?  -Correct.

First of all, is anyone going into the BE directly?  That could be an easy
problem to fix.  If the BE is being locked, no one is going to be working.
No one accesses the BE without going through either the Access FE or ASP.

Next, is the BE located on the IIS machine, or it on a network resource?  If
it's on a network resource, that can also be an issue, depending on how the
security of the IIS machine is setup.

It's on a IIS machine as far as I know.  What kind of security does it need
to be?
The users of the ASP log in using their network user ID and password.  There
is no security set up on the Access FE or BE.

thanks again.

Jim

_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com
_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com
_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

More information about the AccessD mailing list