Access / Security

Discussion in 'ASP General' started by Dthmtlgod, Dec 3, 2004.

  1. Dthmtlgod

    Dthmtlgod Guest

    OK. I have rolled out my simple ASP site, just updates a few fields in a
    database, it works fine for administrators, but the local users are getting
    a page can't be displayed error stating the database is opened exclusively
    (this is not the case) or they don't have rights. The database s shared to
    everyone as well as the actual web server.

    Any ideas?
     
    Dthmtlgod, Dec 3, 2004
    #1
    1. Advertising

  2. Is it opened exclusively by someone else?

    Does your site authenticate your users against a Windows account database
    (i.e. Active Directory). If so, do your users have proper NTFS permissions
    on the ~directory~ in which the database resides?

    If not authenticating, does IUSR_yourServer have NTFS permissions?

    Ray at work

    "Dthmtlgod" <> wrote in message
    news:...
    > OK. I have rolled out my simple ASP site, just updates a few fields in a
    > database, it works fine for administrators, but the local users are

    getting
    > a page can't be displayed error stating the database is opened exclusively
    > (this is not the case) or they don't have rights. The database s shared

    to
    > everyone as well as the actual web server.
    >
    > Any ideas?
    >
    >
    >
     
    Ray Costanzo [MVP], Dec 3, 2004
    #2
    1. Advertising

  3. Dthmtlgod

    Dthmtlgod Guest

    No, the DB is not opened.

    I am using Integrated Windows authentication. All users are on Active
    Directory.


    "Ray Costanzo [MVP]" <my first name at lane 34 dot commercial> wrote in
    message news:...
    > Is it opened exclusively by someone else?
    >
    > Does your site authenticate your users against a Windows account database
    > (i.e. Active Directory). If so, do your users have proper NTFS

    permissions
    > on the ~directory~ in which the database resides?
    >
    > If not authenticating, does IUSR_yourServer have NTFS permissions?
    >
    > Ray at work
    >
    > "Dthmtlgod" <> wrote in message
    > news:...
    > > OK. I have rolled out my simple ASP site, just updates a few fields in

    a
    > > database, it works fine for administrators, but the local users are

    > getting
    > > a page can't be displayed error stating the database is opened

    exclusively
    > > (this is not the case) or they don't have rights. The database s shared

    > to
    > > everyone as well as the actual web server.
    > >
    > > Any ideas?
    > >
    > >
    > >

    >
    >
     
    Dthmtlgod, Dec 3, 2004
    #3
  4. Don't forget, all users of an Access database must have read/write
    permissions to the folder containing the database. Not just to the database
    file. This includes the IUSR_machine account.

    Bob Barrows
    Dthmtlgod wrote:
    > No, the DB is not opened.
    >
    > I am using Integrated Windows authentication. All users are on Active
    > Directory.
    >
    >
    > "Ray Costanzo [MVP]" <my first name at lane 34 dot commercial> wrote
    > in message news:...
    >> Is it opened exclusively by someone else?
    >>
    >> Does your site authenticate your users against a Windows account
    >> database (i.e. Active Directory). If so, do your users have proper
    >> NTFS permissions on the ~directory~ in which the database resides?
    >>
    >> If not authenticating, does IUSR_yourServer have NTFS permissions?
    >>
    >> Ray at work
    >>
    >> "Dthmtlgod" <> wrote in message
    >> news:...
    >>> OK. I have rolled out my simple ASP site, just updates a few
    >>> fields in a database, it works fine for administrators, but the
    >>> local users are getting a page can't be displayed error stating the
    >>> database is opened exclusively (this is not the case) or they don't
    >>> have rights. The database s shared to everyone as well as the
    >>> actual web server.
    >>>
    >>> Any ideas?


    --
    Microsoft MVP -- ASP/ASP.NET
    Please reply to the newsgroup. The email account listed in my From
    header is my spam trap, so I don't check it very often. You will get a
    quicker response by posting to the newsgroup.
     
    Bob Barrows [MVP], Dec 3, 2004
    #4
  5. > > Does your site authenticate your users against a Windows account
    database
    > > (i.e. Active Directory)? If so, do your users have proper NTFS

    > permissions
    > > on the ~directory~ in which the database resides?


    What is the answer to the second question from the quote above?

    Ray at work


    "Dthmtlgod" <> wrote in message
    news:...
    > No, the DB is not opened.
    >
    > I am using Integrated Windows authentication. All users are on Active
    > Directory.
     
    Ray Costanzo [MVP], Dec 3, 2004
    #5
  6. Dthmtlgod

    Dthmtlgod Guest

    Here is the error and connection string

    The Microsoft Jet database engine cannot open the file
    '\\ws\c$\inetpub\wwwroot\database\cxc.mdb'. It is already opened exclusively
    by another user, or you need permission to view its data.
    /cxc/missing_p.asp, line 29

    27 Set Conn = Server.CreateObject("ADODB.Connection")

    28 Conn.Provider = "Microsoft.Jet.OLEDB.4.0"

    29 Conn.Open \\ws\c$\inetpub\wwwroot\database\cxc.mdb




    "Dthmtlgod" <> wrote in message
    news:...
    > No, the DB is not opened.
    >
    > I am using Integrated Windows authentication. All users are on Active
    > Directory.
    >
    >
    > "Ray Costanzo [MVP]" <my first name at lane 34 dot commercial> wrote in
    > message news:...
    > > Is it opened exclusively by someone else?
    > >
    > > Does your site authenticate your users against a Windows account

    database
    > > (i.e. Active Directory). If so, do your users have proper NTFS

    > permissions
    > > on the ~directory~ in which the database resides?
    > >
    > > If not authenticating, does IUSR_yourServer have NTFS permissions?
    > >
    > > Ray at work
    > >
    > > "Dthmtlgod" <> wrote in message
    > > news:...
    > > > OK. I have rolled out my simple ASP site, just updates a few fields

    in
    > a
    > > > database, it works fine for administrators, but the local users are

    > > getting
    > > > a page can't be displayed error stating the database is opened

    > exclusively
    > > > (this is not the case) or they don't have rights. The database s

    shared
    > > to
    > > > everyone as well as the actual web server.
    > > >
    > > > Any ideas?
    > > >
    > > >
    > > >

    > >
    > >

    >
    >
     
    Dthmtlgod, Dec 3, 2004
    #6
  7. What kind of authentication are you using? Integrated? If so, you cannot
    "daisy chain" the authentication from one server to another, which is what
    would be required if you need to access a share on a separate server. In
    order to daisy chain authentication, you need to have a kerberos ticket
    created. I do not believe that one is created with integrated
    authentication. See these articles:

    http://support.microsoft.com/?kbid=264921
    http://support.microsoft.com/?kbid=287537

    Or just move the database to the web server... Of course, I have a
    suspicion that WS actually is your web server in which case, why are you
    using a UNC path?

    Oh, but then you did say that admins can access things fine, so maybe you
    are already authenticating properly. So, in that case, the default shares
    like C$ only allow admins to access them by default. Create a different
    share!

    Ray at work

    "Dthmtlgod" <> wrote in message
    news:%...
    > Here is the error and connection string
    >
    > The Microsoft Jet database engine cannot open the file
    > '\\ws\c$\inetpub\wwwroot\database\cxc.mdb'. It is already opened

    exclusively
    > by another user, or you need permission to view its data.
    > /cxc/missing_p.asp, line 29
    >
    > 27 Set Conn = Server.CreateObject("ADODB.Connection")
    >
    > 28 Conn.Provider = "Microsoft.Jet.OLEDB.4.0"
    >
    > 29 Conn.Open \\ws\c$\inetpub\wwwroot\database\cxc.mdb
    >
    >
    >
    >
     
    Ray Costanzo [MVP], Dec 3, 2004
    #7
  8. Dthmtlgod

    Dthmtlgod Guest

    OK. I have made a little more progress on this, but not heading in the
    right direction.

    If I add a local user account for a user. He/she can access the database.
    The website works fine.

    I really don't want to add all 500 users. I must be missing something very
    easy, as I mentioned before all administrators can access it with no
    problems.




    "Dthmtlgod" <> wrote in message
    news:%...
    > Thanks Ray,
    >
    > What I just did was move the DB to a network share that everyone has

    access
    > to. Now when I try to access the DB, I don't have access it via the web
    > server, but I do using explorer. The users can open it in explorer, but
    > receive the same error.
    >
    >
    >
    >
    >
    >
    > "Ray Costanzo [MVP]" <my first name at lane 34 dot commercial> wrote in
    > message news:...
    > > What kind of authentication are you using? Integrated? If so, you

    cannot
    > > "daisy chain" the authentication from one server to another, which is

    what
    > > would be required if you need to access a share on a separate server.

    In
    > > order to daisy chain authentication, you need to have a kerberos ticket
    > > created. I do not believe that one is created with integrated
    > > authentication. See these articles:
    > >
    > > http://support.microsoft.com/?kbid=264921
    > > http://support.microsoft.com/?kbid=287537
    > >
    > > Or just move the database to the web server... Of course, I have a
    > > suspicion that WS actually is your web server in which case, why are you
    > > using a UNC path?
    > >
    > > Oh, but then you did say that admins can access things fine, so maybe

    you
    > > are already authenticating properly. So, in that case, the default

    shares
    > > like C$ only allow admins to access them by default. Create a different
    > > share!
    > >
    > > Ray at work
    > >
    > > "Dthmtlgod" <> wrote in message
    > > news:%...
    > > > Here is the error and connection string
    > > >
    > > > The Microsoft Jet database engine cannot open the file
    > > > '\\ws\c$\inetpub\wwwroot\database\cxc.mdb'. It is already opened

    > > exclusively
    > > > by another user, or you need permission to view its data.
    > > > /cxc/missing_p.asp, line 29
    > > >
    > > > 27 Set Conn = Server.CreateObject("ADODB.Connection")
    > > >
    > > > 28 Conn.Provider = "Microsoft.Jet.OLEDB.4.0"
    > > >
    > > > 29 Conn.Open \\ws\c$\inetpub\wwwroot\database\cxc.mdb
    > > >
    > > >
    > > >
    > > >

    > >
    > >

    >
    >
     
    Dthmtlgod, Dec 3, 2004
    #8
  9. Dthmtlgod

    Jeff Cochran Guest

    On Fri, 3 Dec 2004 13:30:27 -0500, "Dthmtlgod"
    <> wrote:

    >OK. I have made a little more progress on this, but not heading in the
    >right direction.
    >
    >If I add a local user account for a user. He/she can access the database.
    >The website works fine.
    >
    >I really don't want to add all 500 users. I must be missing something very
    >easy, as I mentioned before all administrators can access it with no
    >problems.


    You're missing the permissions for the files/folders and share. And
    misunderstanding how to use Windows NTFS and share permissions to
    apply these to a *group* then add the users to the group.

    *Or* if this is going to be web-based, use anonymous access and make
    the IUSR account able to access the proper files/folders.

    Although you never tell us the specific error, my guess is it's
    covered here:

    Why do I get database-related 80004005 errors?
    http://www.aspfaq.com/show.asp?id=2009

    Jeff


    >"Dthmtlgod" <> wrote in message
    >news:%...
    >> Thanks Ray,
    >>
    >> What I just did was move the DB to a network share that everyone has

    >access
    >> to. Now when I try to access the DB, I don't have access it via the web
    >> server, but I do using explorer. The users can open it in explorer, but
    >> receive the same error.
    >>
    >>
    >>
    >>
    >>
    >>
    >> "Ray Costanzo [MVP]" <my first name at lane 34 dot commercial> wrote in
    >> message news:...
    >> > What kind of authentication are you using? Integrated? If so, you

    >cannot
    >> > "daisy chain" the authentication from one server to another, which is

    >what
    >> > would be required if you need to access a share on a separate server.

    >In
    >> > order to daisy chain authentication, you need to have a kerberos ticket
    >> > created. I do not believe that one is created with integrated
    >> > authentication. See these articles:
    >> >
    >> > http://support.microsoft.com/?kbid=264921
    >> > http://support.microsoft.com/?kbid=287537
    >> >
    >> > Or just move the database to the web server... Of course, I have a
    >> > suspicion that WS actually is your web server in which case, why are you
    >> > using a UNC path?
    >> >
    >> > Oh, but then you did say that admins can access things fine, so maybe

    >you
    >> > are already authenticating properly. So, in that case, the default

    >shares
    >> > like C$ only allow admins to access them by default. Create a different
    >> > share!
    >> >
    >> > Ray at work
    >> >
    >> > "Dthmtlgod" <> wrote in message
    >> > news:%...
    >> > > Here is the error and connection string
    >> > >
    >> > > The Microsoft Jet database engine cannot open the file
    >> > > '\\ws\c$\inetpub\wwwroot\database\cxc.mdb'. It is already opened
    >> > exclusively
    >> > > by another user, or you need permission to view its data.
    >> > > /cxc/missing_p.asp, line 29
    >> > >
    >> > > 27 Set Conn = Server.CreateObject("ADODB.Connection")
    >> > >
    >> > > 28 Conn.Provider = "Microsoft.Jet.OLEDB.4.0"
    >> > >
    >> > > 29 Conn.Open \\ws\c$\inetpub\wwwroot\database\cxc.mdb
    >> > >
    >> > >
    >> > >
    >> > >
    >> >
    >> >

    >>
    >>

    >
     
    Jeff Cochran, Dec 3, 2004
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Aaron
    Replies:
    1
    Views:
    376
    John C. Bollinger
    Aug 4, 2003
  2. Marco
    Replies:
    1
    Views:
    2,450
    Roedy Green
    Jan 28, 2006
  3. Akram Baig
    Replies:
    0
    Views:
    348
    Akram Baig
    Apr 7, 2011
  4. Dinis Cruz

    Asp.Net Security Analyser (new security tool by DDPlus)

    Dinis Cruz, Oct 8, 2003, in forum: ASP .Net Security
    Replies:
    2
    Views:
    170
    Dinis Cruz
    Oct 11, 2003
  5. Marc

    Security Access, Access Denied

    Marc, Aug 16, 2006, in forum: ASP .Net Security
    Replies:
    0
    Views:
    140
Loading...

Share This Page