File based database (dBASE III+)

[Dave F.]

I hope someone can help. I'm trying to get an asp.net application to run on
a 2000 or 2003 server and access the data on a remote server. The database
is dbase III+. I can access the data as long as it is on C drive but remote
can't get it to access the folder over the network.

I've tried to use impersonation and setup the application pool for this
purpose on the 2003 server. I even ran the user as a service. I continue to
get an error page that simply states "Service Unavailable". I've spent hours
trying to solve this problem but to no avail.

I've tried a DSN and DSN less ODBC connection to the data. I've even tried
it using the Microsoft OleDb provider. Like I said, it works fine as long as
everything is on the same drive.

Any ideas?

Thanks,
Dave

 

[Dominick Baier [DevelopMentor]]

Hello Dave F.,

you have to have access to the remote drive - under which account does your
worker process run?

if it is NETWORK SERVICE, then you might want to change that to a custom
account to which you can give access to the share....

 

[Dave F.]

Hi Dominick,

I have added a User and given it access full access to the data folder. Then
I added the user to the Identity tag in an application pool I created. I
then assigned that app pool to my web properties in IIS. Then I added that
user and password to IIS under Anonymous login. When I start the asp.net app
I get the error page "Service Unavailable". I read on a posting I found
someplace that the error is caused because the new user needs to be run as a
service. So I set the account up in my security policies to log on as a
service. I rebooted and tried again. I still get the same error.

If I undo all the above all I can get is an error related to not accessing
the data.

I've looked at Microsofts examples on setting up impersonation but I just
can't follow what they are trying to tell me.

What I need is a simple example of setting up something that will give the
application access to the data files.

I'm sure I'm making this way more difficult than it really is, but I'm new
to ASP.NET.

Cheers

 

[Paul Clement]

¤ I hope someone can help. I'm trying to get an asp.net application to run on
¤ a 2000 or 2003 server and access the data on a remote server. The database
¤ is dbase III+. I can access the data as long as it is on C drive but remote
¤ can't get it to access the folder over the network.
¤
¤ I've tried to use impersonation and setup the application pool for this
¤ purpose on the 2003 server. I even ran the user as a service. I continue to
¤ get an error page that simply states "Service Unavailable". I've spent hours
¤ trying to solve this problem but to no avail.
¤
¤ I've tried a DSN and DSN less ODBC connection to the data. I've even tried
¤ it using the Microsoft OleDb provider. Like I said, it works fine as long as
¤ everything is on the same drive.
¤
¤ Any ideas?

You're encountering a delegation issue. You may want to check out the following article to see how
to delegate credentials to the remote (machine) share:

http://msdn.microsoft.com/library/d...y/en-us/vsent7/html/vxconaspnetdelegation.asp


Paul
~~~~
Microsoft MVP (Visual Basic)

 

[Dave F.]

Hi Paul,

I looked that information over but I just can't get it to work.

Here is my setup.

Machine #1
Windows XP Pro SP2
VS.NET 2003
ASP.NET application running in IIS 5.1
Application using Microsoft Jet 4.0 OLEDB Provider
Drive mapped to Machine #2 share as T:

I followed the direction in the following article from
http://www.codeproject.com/aspnet/Sec_Run_ASPNET_WP.asp to setup a user
account on this machine. I used
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT01.asp
to setup the user permissions in the various folders.

Machine #2
Windows 2003 Small Business Server
Active Directory running
Data for the ASP.NET app is on this machine's F: in a shared folder.
These are dBASE III+ files.
I created a user account on this machine with the same name and password
as the user on Machine #1 and granted the account "Full Control" on the
shared folder.

Now I get the following error when I start the application: ASP.NET is not
authorized to access the requested resource. Consider granting access rights
to the resource to the ASP.NET request identity. ASP.NET has a base process
identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6)
that is used if the application is not impersonating. If the application is
impersonating via <identity impersonate="true"/>, the identity will be the
anonymous user (typically IUSR_MACHINENAME) or the authenticated request
user.

I checked the ASP.NET and my new account. Both have "Full Control" on this
folder.

I've worked with this problem for days and I just don't know if it can be
resolved. I have several clients that want this app. but if I can't get it
working .......


Thanks

 

[Paul Clement]

¤ Hi Paul,
¤
¤ I looked that information over but I just can't get it to work.
¤
¤ Here is my setup.
¤
¤ Machine #1
¤ Windows XP Pro SP2
¤ VS.NET 2003
¤ ASP.NET application running in IIS 5.1
¤ Application using Microsoft Jet 4.0 OLEDB Provider
¤ Drive mapped to Machine #2 share as T:
¤
¤ I followed the direction in the following article from
¤ http://www.codeproject.com/aspnet/Sec_Run_ASPNET_WP.asp to setup a user
¤ account on this machine. I used
¤ http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT01.asp
¤ to setup the user permissions in the various folders.
¤
¤ Machine #2
¤ Windows 2003 Small Business Server
¤ Active Directory running
¤ Data for the ASP.NET app is on this machine's F: in a shared folder.
¤ These are dBASE III+ files.
¤ I created a user account on this machine with the same name and password
¤ as the user on Machine #1 and granted the account "Full Control" on the
¤ shared folder.
¤
¤ Now I get the following error when I start the application: ASP.NET is not
¤ authorized to access the requested resource. Consider granting access rights
¤ to the resource to the ASP.NET request identity. ASP.NET has a base process
¤ identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6)
¤ that is used if the application is not impersonating. If the application is
¤ impersonating via <identity impersonate="true"/>, the identity will be the
¤ anonymous user (typically IUSR_MACHINENAME) or the authenticated request
¤ user.
¤
¤ I checked the ASP.NET and my new account. Both have "Full Control" on this
¤ folder.
¤
¤ I've worked with this problem for days and I just don't know if it can be
¤ resolved. I have several clients that want this app. but if I can't get it
¤ working .......
¤

OK, I'm a little confused with respect to your configuration. What type of authentication is your
web application set up for? Anonymous? Basic? Integrated NT?

If it's Anonymous then you can impersonate and delegate the IUSR account credentials as long as
there is a local IUSR account on the remote machine with the same password.

You can also impersonate and delegate credentials for a domain account using Basic authentication.

If you're using Integrated NT and impersonation then you have to implement Kerberos since encrypted
credentials cannot be delegated remotely from IIS.

If you're not using impersonation then delegating the ASPNET (or NetworkService) account requires
the same scenario as for IUSR.

In addition, you want to use a UNC path for your dBase folder and not a mapped drive letter.


Paul
~~~~
Microsoft MVP (Visual Basic)

 

[Dave F.]

The trick was the UNC path to the data. Once I fixed that I was able to
access the data. I knew I was missing something simple! I'm new to ASP.NET
and want to thank all of you for your help. These newsgoups have been the
best place to find the answers to just about any problem.

Dave

 

[Dominick Baier [DevelopMentor]]

Hello Dave F.,

the account must be in the local IIS_WPG group. You have to restart W3SVC
after that - iisreset.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Hi Dominick,

I have added a User and given it access full access to the data
folder. Then I added the user to the Identity tag in an application
pool I created. I then assigned that app pool to my web properties in
IIS. Then I added that user and password to IIS under Anonymous login.
When I start the asp.net app I get the error page "Service
Unavailable". I read on a posting I found someplace that the error is
caused because the new user needs to be run as a service. So I set the
account up in my security policies to log on as a service. I rebooted
and tried again. I still get the same error.

If I undo all the above all I can get is an error related to not
accessing the data.

I've looked at Microsofts examples on setting up impersonation but I
just can't follow what they are trying to tell me.

What I need is a simple example of setting up something that will give
the application access to the data files.

I'm sure I'm making this way more difficult than it really is, but I'm
new to ASP.NET.

Cheers
"Dominick Baier [DevelopMentor]"

Hello Dave F.,

you have to have access to the remote drive - under which account
does your worker process run?

if it is NETWORK SERVICE, then you might want to change that to a
custom account to which you can give access to the share....

 

[Bart]

This sounds familiar...

The ADO/Jet DBase drivers are old and rusty, afaik they cannot deal properly
with long filenames and network paths.

Have you tried mapping a drive letter (Z:\) to the location on the network,
then check permissions accessing this throught it's virtual drive ?

Bart

 

[Paul Clement]

¤ This sounds familiar...
¤
¤ The ADO/Jet DBase drivers are old and rusty, afaik they cannot deal properly
¤ with long filenames and network paths.
¤

UNC paths *are* supported, long file names are not.


Paul
~~~~
Microsoft MVP (Visual Basic)