File based database (dBASE III+)

Discussion in 'ASP .Net Security' started by Dave F., Jun 8, 2005.

  1. Dave F.

    Dave F. Guest

    I hope someone can help. I'm trying to get an asp.net application to run on
    a 2000 or 2003 server and access the data on a remote server. The database
    is dbase III+. I can access the data as long as it is on C drive but remote
    can't get it to access the folder over the network.

    I've tried to use impersonation and setup the application pool for this
    purpose on the 2003 server. I even ran the user as a service. I continue to
    get an error page that simply states "Service Unavailable". I've spent hours
    trying to solve this problem but to no avail.

    I've tried a DSN and DSN less ODBC connection to the data. I've even tried
    it using the Microsoft OleDb provider. Like I said, it works fine as long as
    everything is on the same drive.

    Any ideas?

    Thanks,
    Dave
     
    Dave F., Jun 8, 2005
    #1
    1. Advertising

  2. Hello Dave F.,

    you have to have access to the remote drive - under which account does your
    worker process run?

    if it is NETWORK SERVICE, then you might want to change that to a custom
    account to which you can give access to the share....

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > I hope someone can help. I'm trying to get an asp.net application to
    > run on a 2000 or 2003 server and access the data on a remote server.
    > The database is dbase III+. I can access the data as long as it is on
    > C drive but remote can't get it to access the folder over the network.
    >
    > I've tried to use impersonation and setup the application pool for
    > this purpose on the 2003 server. I even ran the user as a service. I
    > continue to get an error page that simply states "Service
    > Unavailable". I've spent hours trying to solve this problem but to no
    > avail.
    >
    > I've tried a DSN and DSN less ODBC connection to the data. I've even
    > tried it using the Microsoft OleDb provider. Like I said, it works
    > fine as long as everything is on the same drive.
    >
    > Any ideas?
    >
    > Thanks,
    > Dave
     
    Dominick Baier [DevelopMentor], Jun 8, 2005
    #2
    1. Advertising

  3. Dave F.

    Dave F. Guest

    Hi Dominick,

    I have added a User and given it access full access to the data folder. Then
    I added the user to the Identity tag in an application pool I created. I
    then assigned that app pool to my web properties in IIS. Then I added that
    user and password to IIS under Anonymous login. When I start the asp.net app
    I get the error page "Service Unavailable". I read on a posting I found
    someplace that the error is caused because the new user needs to be run as a
    service. So I set the account up in my security policies to log on as a
    service. I rebooted and tried again. I still get the same error.

    If I undo all the above all I can get is an error related to not accessing
    the data.

    I've looked at Microsofts examples on setting up impersonation but I just
    can't follow what they are trying to tell me.

    What I need is a simple example of setting up something that will give the
    application access to the data files.

    I'm sure I'm making this way more difficult than it really is, but I'm new
    to ASP.NET.

    Cheers
    "Dominick Baier [DevelopMentor]" <>
    wrote in message news:...
    > Hello Dave F.,
    >
    > you have to have access to the remote drive - under which account does
    > your worker process run?
    >
    > if it is NETWORK SERVICE, then you might want to change that to a custom
    > account to which you can give access to the share....
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    >> I hope someone can help. I'm trying to get an asp.net application to
    >> run on a 2000 or 2003 server and access the data on a remote server.
    >> The database is dbase III+. I can access the data as long as it is on
    >> C drive but remote can't get it to access the folder over the network.
    >>
    >> I've tried to use impersonation and setup the application pool for
    >> this purpose on the 2003 server. I even ran the user as a service. I
    >> continue to get an error page that simply states "Service
    >> Unavailable". I've spent hours trying to solve this problem but to no
    >> avail.
    >>
    >> I've tried a DSN and DSN less ODBC connection to the data. I've even
    >> tried it using the Microsoft OleDb provider. Like I said, it works
    >> fine as long as everything is on the same drive.
    >>
    >> Any ideas?
    >>
    >> Thanks,
    >> Dave

    >
    >
    >
     
    Dave F., Jun 8, 2005
    #3
  4. Dave F.

    Paul Clement Guest

    On Wed, 8 Jun 2005 10:57:06 -0700, "Dave F." <> wrote:

    ¤ I hope someone can help. I'm trying to get an asp.net application to run on
    ¤ a 2000 or 2003 server and access the data on a remote server. The database
    ¤ is dbase III+. I can access the data as long as it is on C drive but remote
    ¤ can't get it to access the folder over the network.
    ¤
    ¤ I've tried to use impersonation and setup the application pool for this
    ¤ purpose on the 2003 server. I even ran the user as a service. I continue to
    ¤ get an error page that simply states "Service Unavailable". I've spent hours
    ¤ trying to solve this problem but to no avail.
    ¤
    ¤ I've tried a DSN and DSN less ODBC connection to the data. I've even tried
    ¤ it using the Microsoft OleDb provider. Like I said, it works fine as long as
    ¤ everything is on the same drive.
    ¤
    ¤ Any ideas?

    You're encountering a delegation issue. You may want to check out the following article to see how
    to delegate credentials to the remote (machine) share:

    http://msdn.microsoft.com/library/d...y/en-us/vsent7/html/vxconaspnetdelegation.asp


    Paul
    ~~~~
    Microsoft MVP (Visual Basic)
     
    Paul Clement, Jun 9, 2005
    #4
  5. Dave F.

    Dave F. Guest

    Hi Paul,

    I looked that information over but I just can't get it to work.

    Here is my setup.

    Machine #1
    Windows XP Pro SP2
    VS.NET 2003
    ASP.NET application running in IIS 5.1
    Application using Microsoft Jet 4.0 OLEDB Provider
    Drive mapped to Machine #2 share as T:

    I followed the direction in the following article from
    http://www.codeproject.com/aspnet/Sec_Run_ASPNET_WP.asp to setup a user
    account on this machine. I used
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT01.asp
    to setup the user permissions in the various folders.

    Machine #2
    Windows 2003 Small Business Server
    Active Directory running
    Data for the ASP.NET app is on this machine's F: in a shared folder.
    These are dBASE III+ files.
    I created a user account on this machine with the same name and password
    as the user on Machine #1 and granted the account "Full Control" on the
    shared folder.

    Now I get the following error when I start the application: ASP.NET is not
    authorized to access the requested resource. Consider granting access rights
    to the resource to the ASP.NET request identity. ASP.NET has a base process
    identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6)
    that is used if the application is not impersonating. If the application is
    impersonating via <identity impersonate="true"/>, the identity will be the
    anonymous user (typically IUSR_MACHINENAME) or the authenticated request
    user.

    I checked the ASP.NET and my new account. Both have "Full Control" on this
    folder.

    I've worked with this problem for days and I just don't know if it can be
    resolved. I have several clients that want this app. but if I can't get it
    working .......


    Thanks


    "Paul Clement" <> wrote in message
    news:...
    > On Wed, 8 Jun 2005 10:57:06 -0700, "Dave F." <> wrote:
    >
    > ¤ I hope someone can help. I'm trying to get an asp.net application to run
    > on
    > ¤ a 2000 or 2003 server and access the data on a remote server. The
    > database
    > ¤ is dbase III+. I can access the data as long as it is on C drive but
    > remote
    > ¤ can't get it to access the folder over the network.
    > ¤
    > ¤ I've tried to use impersonation and setup the application pool for this
    > ¤ purpose on the 2003 server. I even ran the user as a service. I continue
    > to
    > ¤ get an error page that simply states "Service Unavailable". I've spent
    > hours
    > ¤ trying to solve this problem but to no avail.
    > ¤
    > ¤ I've tried a DSN and DSN less ODBC connection to the data. I've even
    > tried
    > ¤ it using the Microsoft OleDb provider. Like I said, it works fine as
    > long as
    > ¤ everything is on the same drive.
    > ¤
    > ¤ Any ideas?
    >
    > You're encountering a delegation issue. You may want to check out the
    > following article to see how
    > to delegate credentials to the remote (machine) share:
    >
    > http://msdn.microsoft.com/library/d...y/en-us/vsent7/html/vxconaspnetdelegation.asp
    >
    >
    > Paul
    > ~~~~
    > Microsoft MVP (Visual Basic)
     
    Dave F., Jun 10, 2005
    #5
  6. Dave F.

    Paul Clement Guest

    On Thu, 9 Jun 2005 16:45:06 -0700, "Dave F." <> wrote:

    ¤ Hi Paul,
    ¤
    ¤ I looked that information over but I just can't get it to work.
    ¤
    ¤ Here is my setup.
    ¤
    ¤ Machine #1
    ¤ Windows XP Pro SP2
    ¤ VS.NET 2003
    ¤ ASP.NET application running in IIS 5.1
    ¤ Application using Microsoft Jet 4.0 OLEDB Provider
    ¤ Drive mapped to Machine #2 share as T:
    ¤
    ¤ I followed the direction in the following article from
    ¤ http://www.codeproject.com/aspnet/Sec_Run_ASPNET_WP.asp to setup a user
    ¤ account on this machine. I used
    ¤ http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT01.asp
    ¤ to setup the user permissions in the various folders.
    ¤
    ¤ Machine #2
    ¤ Windows 2003 Small Business Server
    ¤ Active Directory running
    ¤ Data for the ASP.NET app is on this machine's F: in a shared folder.
    ¤ These are dBASE III+ files.
    ¤ I created a user account on this machine with the same name and password
    ¤ as the user on Machine #1 and granted the account "Full Control" on the
    ¤ shared folder.
    ¤
    ¤ Now I get the following error when I start the application: ASP.NET is not
    ¤ authorized to access the requested resource. Consider granting access rights
    ¤ to the resource to the ASP.NET request identity. ASP.NET has a base process
    ¤ identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6)
    ¤ that is used if the application is not impersonating. If the application is
    ¤ impersonating via <identity impersonate="true"/>, the identity will be the
    ¤ anonymous user (typically IUSR_MACHINENAME) or the authenticated request
    ¤ user.
    ¤
    ¤ I checked the ASP.NET and my new account. Both have "Full Control" on this
    ¤ folder.
    ¤
    ¤ I've worked with this problem for days and I just don't know if it can be
    ¤ resolved. I have several clients that want this app. but if I can't get it
    ¤ working .......
    ¤

    OK, I'm a little confused with respect to your configuration. What type of authentication is your
    web application set up for? Anonymous? Basic? Integrated NT?

    If it's Anonymous then you can impersonate and delegate the IUSR account credentials as long as
    there is a local IUSR account on the remote machine with the same password.

    You can also impersonate and delegate credentials for a domain account using Basic authentication.

    If you're using Integrated NT and impersonation then you have to implement Kerberos since encrypted
    credentials cannot be delegated remotely from IIS.

    If you're not using impersonation then delegating the ASPNET (or NetworkService) account requires
    the same scenario as for IUSR.

    In addition, you want to use a UNC path for your dBase folder and not a mapped drive letter.


    Paul
    ~~~~
    Microsoft MVP (Visual Basic)
     
    Paul Clement, Jun 10, 2005
    #6
  7. Dave F.

    Dave F. Guest

    The trick was the UNC path to the data. Once I fixed that I was able to
    access the data. I knew I was missing something simple! I'm new to ASP.NET
    and want to thank all of you for your help. These newsgoups have been the
    best place to find the answers to just about any problem.

    Dave


    "Paul Clement" <> wrote in message
    news:...
    > On Thu, 9 Jun 2005 16:45:06 -0700, "Dave F." <> wrote:
    >
    > ¤ Hi Paul,
    > ¤
    > ¤ I looked that information over but I just can't get it to work.
    > ¤
    > ¤ Here is my setup.
    > ¤
    > ¤ Machine #1
    > ¤ Windows XP Pro SP2
    > ¤ VS.NET 2003
    > ¤ ASP.NET application running in IIS 5.1
    > ¤ Application using Microsoft Jet 4.0 OLEDB Provider
    > ¤ Drive mapped to Machine #2 share as T:
    > ¤
    > ¤ I followed the direction in the following article from
    > ¤ http://www.codeproject.com/aspnet/Sec_Run_ASPNET_WP.asp to setup a user
    > ¤ account on this machine. I used
    > ¤
    > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT01.asp
    > ¤ to setup the user permissions in the various folders.
    > ¤
    > ¤ Machine #2
    > ¤ Windows 2003 Small Business Server
    > ¤ Active Directory running
    > ¤ Data for the ASP.NET app is on this machine's F: in a shared folder.
    > ¤ These are dBASE III+ files.
    > ¤ I created a user account on this machine with the same name and
    > password
    > ¤ as the user on Machine #1 and granted the account "Full Control" on
    > the
    > ¤ shared folder.
    > ¤
    > ¤ Now I get the following error when I start the application: ASP.NET is
    > not
    > ¤ authorized to access the requested resource. Consider granting access
    > rights
    > ¤ to the resource to the ASP.NET request identity. ASP.NET has a base
    > process
    > ¤ identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS
    > 6)
    > ¤ that is used if the application is not impersonating. If the application
    > is
    > ¤ impersonating via <identity impersonate="true"/>, the identity will be
    > the
    > ¤ anonymous user (typically IUSR_MACHINENAME) or the authenticated request
    > ¤ user.
    > ¤
    > ¤ I checked the ASP.NET and my new account. Both have "Full Control" on
    > this
    > ¤ folder.
    > ¤
    > ¤ I've worked with this problem for days and I just don't know if it can
    > be
    > ¤ resolved. I have several clients that want this app. but if I can't get
    > it
    > ¤ working .......
    > ¤
    >
    > OK, I'm a little confused with respect to your configuration. What type of
    > authentication is your
    > web application set up for? Anonymous? Basic? Integrated NT?
    >
    > If it's Anonymous then you can impersonate and delegate the IUSR account
    > credentials as long as
    > there is a local IUSR account on the remote machine with the same
    > password.
    >
    > You can also impersonate and delegate credentials for a domain account
    > using Basic authentication.
    >
    > If you're using Integrated NT and impersonation then you have to implement
    > Kerberos since encrypted
    > credentials cannot be delegated remotely from IIS.
    >
    > If you're not using impersonation then delegating the ASPNET (or
    > NetworkService) account requires
    > the same scenario as for IUSR.
    >
    > In addition, you want to use a UNC path for your dBase folder and not a
    > mapped drive letter.
    >
    >
    > Paul
    > ~~~~
    > Microsoft MVP (Visual Basic)
     
    Dave F., Jun 10, 2005
    #7
  8. Hello Dave F.,

    the account must be in the local IIS_WPG group. You have to restart W3SVC
    after that - iisreset.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hi Dominick,
    >
    > I have added a User and given it access full access to the data
    > folder. Then I added the user to the Identity tag in an application
    > pool I created. I then assigned that app pool to my web properties in
    > IIS. Then I added that user and password to IIS under Anonymous login.
    > When I start the asp.net app I get the error page "Service
    > Unavailable". I read on a posting I found someplace that the error is
    > caused because the new user needs to be run as a service. So I set the
    > account up in my security policies to log on as a service. I rebooted
    > and tried again. I still get the same error.
    >
    > If I undo all the above all I can get is an error related to not
    > accessing the data.
    >
    > I've looked at Microsofts examples on setting up impersonation but I
    > just can't follow what they are trying to tell me.
    >
    > What I need is a simple example of setting up something that will give
    > the application access to the data files.
    >
    > I'm sure I'm making this way more difficult than it really is, but I'm
    > new to ASP.NET.
    >
    > Cheers
    > "Dominick Baier [DevelopMentor]"
    > <>
    > wrote in message news:...
    >> Hello Dave F.,
    >>
    >> you have to have access to the remote drive - under which account
    >> does your worker process run?
    >>
    >> if it is NETWORK SERVICE, then you might want to change that to a
    >> custom account to which you can give access to the share....
    >>
    >> ---------------------------------------
    >> Dominick Baier - DevelopMentor
    >> http://www.leastprivilege.com
    >>> I hope someone can help. I'm trying to get an asp.net application to
    >>> run on a 2000 or 2003 server and access the data on a remote server.
    >>> The database is dbase III+. I can access the data as long as it is
    >>> on C drive but remote can't get it to access the folder over the
    >>> network.
    >>>
    >>> I've tried to use impersonation and setup the application pool for
    >>> this purpose on the 2003 server. I even ran the user as a service. I
    >>> continue to get an error page that simply states "Service
    >>> Unavailable". I've spent hours trying to solve this problem but to
    >>> no avail.
    >>>
    >>> I've tried a DSN and DSN less ODBC connection to the data. I've even
    >>> tried it using the Microsoft OleDb provider. Like I said, it works
    >>> fine as long as everything is on the same drive.
    >>>
    >>> Any ideas?
    >>>
    >>> Thanks,
    >>> Dave
     
    Dominick Baier [DevelopMentor], Jun 11, 2005
    #8
  9. Dave F.

    Bart Guest

    This sounds familiar...

    The ADO/Jet DBase drivers are old and rusty, afaik they cannot deal properly
    with long filenames and network paths.

    Have you tried mapping a drive letter (Z:\) to the location on the network,
    then check permissions accessing this throught it's virtual drive ?

    Bart

    "Dave F." <> wrote in message
    news:...
    >I hope someone can help. I'm trying to get an asp.net application to run on
    >a 2000 or 2003 server and access the data on a remote server. The database
    >is dbase III+. I can access the data as long as it is on C drive but remote
    >can't get it to access the folder over the network.
    >
    > I've tried to use impersonation and setup the application pool for this
    > purpose on the 2003 server. I even ran the user as a service. I continue
    > to get an error page that simply states "Service Unavailable". I've spent
    > hours trying to solve this problem but to no avail.
    >
    > I've tried a DSN and DSN less ODBC connection to the data. I've even tried
    > it using the Microsoft OleDb provider. Like I said, it works fine as long
    > as everything is on the same drive.
    >
    > Any ideas?
    >
    > Thanks,
    > Dave
    >
     
    Bart, Jun 12, 2005
    #9
  10. Dave F.

    Paul Clement Guest

    On Sun, 12 Jun 2005 22:15:04 +0200, "Bart" <> wrote:

    ¤ This sounds familiar...
    ¤
    ¤ The ADO/Jet DBase drivers are old and rusty, afaik they cannot deal properly
    ¤ with long filenames and network paths.
    ¤

    UNC paths *are* supported, long file names are not.


    Paul
    ~~~~
    Microsoft MVP (Visual Basic)
     
    Paul Clement, Jun 14, 2005
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    6
    Views:
    479
    Thomas Ganss
    Jan 15, 2006
  2. shieldguy

    DBase database connection Problem

    shieldguy, May 23, 2007, in forum: .NET
    Replies:
    0
    Views:
    327
    shieldguy
    May 23, 2007
  3. Ethan Furman

    dBase III files and Visual Foxpro 6 files

    Ethan Furman, Dec 8, 2008, in forum: Python
    Replies:
    4
    Views:
    901
    imageguy
    Dec 9, 2008
  4. Matt Young
    Replies:
    4
    Views:
    405
    Garrett Fitzgerald
    Jan 31, 2004
  5. Eric-Roger Bruecklmeier

    dBase III+ under Ruby?

    Eric-Roger Bruecklmeier, Nov 1, 2003, in forum: Ruby
    Replies:
    1
    Views:
    103
    Stefan Schmiedl
    Nov 2, 2003
Loading...

Share This Page