RE: Problems with authenticated users accessing asp's

From: Gavin (gavin_at_dont.spam.me.com)
Date: 05/25/05 

Date: Wed, 25 May 2005 11:28:04 -0700

Oh how I wish I’d tried that option sooner – I never expected the client to
have more information than the server on the problem – well I don’t suppose
it did, I was just looking in the wrong place for it. Thanks for the help.

My client received this
Permission denied
/LM/W3SVC/25858248/Root/global.asa, line 34
And when I look in the global.asa at line 34 I have

    Set ferrs = fs.CreateTextFile(ERR_FILE, True)

So it is write permissions that I haven’t granted to my web directory. This
begs an important question...

I’m porting this app from NT to Server 2003. Currently the ERR_FILE is
written to the applications root directory. On 2003, is global.asa executed
as the authenticated user? If so does this mean I would need to grant write
access to the application root to maintain current functionality? This
doesn’t sound very safe to me.

Regards
Gavin

"Gavin" wrote:

>
> I have IIS serving static content and asp’s from IIS6 on Win2003 Server. The
> site uses Integrated Security with the server on a 2003 server domain.
> Clients are on a different domain and enter login information in the browser
> pop-up.
> The behaviour I get is as follows ….
>
> - All domain users can access html files.
> - A user I’ve added to the Administrators group on the web server can use
> the site without trouble – all other users are given a 500 response to
> attempts to access asp’s and in the log file I get a permission denied error.
>
> 2005-05-25 09:56:56 W3SVC25858248 xxx.xxx.19.25 GET /Default.asp
> |34|800a0046|Permission_denied 2002 telem\holland xxx.xxx.244.109 HTTP/1.1
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) xxx.xxx.19.25:2002
> 500 0 0 409
>
> - If I drop the site back to anonymous login all works fine.
>
> There is obviously a simple setting I’m missing, and am hopping someone will
> be able to point me at it.
> I’ve tried adding ‘telem\Domain Users’ (where telem is the webserver’s
> domain)to a number of the local security settings (including ‘Access this
> computer from the network’). Is there a definitive list of which are required
> – I’ve added ‘telem\Domain Users’ to all entries that have ‘IUSR_servername’
> and even ‘IIS_WPG’ out of desperation. Any other thoughts?
>
> Regards
> Gavin
>

Relevant Pages

  • Re: What doesnt lend itself to OO?
    ... >> proxy and instructs the server to constuct the real object. ... rather than client code. ... If 'clock' is instantiated in the server, ... > for the server interface at the OOA level. ...
    (comp.object)
  • This is going straight to the pool room
    ... or not the client has privilege to do what they're trying to do, ... The server environment is this: ... 3GL User action Routines that Tier3 will execute on your behalf during the ... Routine Name: USER_INIT ...
    (comp.os.vms)
  • [Full-Disclosure] R: Full-Disclosure Digest, Vol 3, Issue 42
    ... Full-Disclosure Digest, Vol 3, Issue 42 ... SD Server 4.0.70 Directory Traversal Bug ... Arkeia Network Backup Client Remote Access ...
    (Full-Disclosure)
  • Re: What doesnt lend itself to OO?
    ... > rather than client code. ... no way to do that without also touching the object with clock semantics ... will not encapsulate both clock semantics and network semantics. ... The server can do whatever it wants ...
    (comp.object)
  • RE: Fax monitor incoming + outgoing calls?
    ... problem between the client computer and the SBS server. ... Client is using the internal IP address of the SBS server as the ... To the folder redirection GPO issue: ...
    (microsoft.public.windows.server.sbs)