?
Solved

<identity impersonate="true" /> and local server

Posted on 2004-09-10
16
Medium Priority
?
18,719 Views
Last Modified: 2011-08-18
I have a site that has an insert satement for an MS Access file and if i don't have the <identity impersonate="true" /> in the web.config file it runs ok on my local server but not on the production server, but if i add it it works fine on the production server but get an error on my local server.  Both machines have read/write/modify for the mdb file for everyone and IUSR.  

Am I missing something on the settings?  What's not set on my local server that needs to be for the <identity impersonate="true" /> statement?  
0
Comment
Question by:dougfosterNYC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
  • +2
16 Comments
 
LVL 7

Expert Comment

by:Fred Goodwin
ID: 12026680
Does the Access file reside on the web server?
Are you using windows Authentication?
0
 
LVL 33

Expert Comment

by:raterus
ID: 12026701
Can you give more info on this error?  Can you confirm it is directly related to the mdb file, or could it be an aspx page.  When you set <identity impersonate="true" /> your aspx pages themselves are going to need to have permission set for this impersonated user.
0
 

Author Comment

by:dougfosterNYC
ID: 12026761
Yes, the access file is on the web server.  It's just an MDB file in the same directory (or DB subdirectory) of the web site.  I wish I was more knowledgable about authentication, otherwise I probably wouldn't be so confused here.  on my local server I just set to read/write/modify in the file properties and gave it to Everyone, which also goes to IUSR.  

The question is, what does the <identity impersonate-"true" /> statement do?  With this statement the file is updateable on the production server but not when run it locally on my server.  When I don't have the statement in it runs fine on my local server and I can update the MDB file.  
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:dougfosterNYC
ID: 12026822
Ok, I"m not being clear here.  I have this site working on two servers, my own and a production server.  I can get the insert action working on both servers, but it works on the production server with the <identity impersonate="true"> in the web.config file and on my local machine when I don't have the statement in.  So it shouldn't be a problem with an aspx file.  

I don't understand authentication that well, so it should be a simple setting, or something, that i change on my local server.  Maybe it's because I come in on my local browser and the authentication is different because it's localserver.  
0
 

Author Comment

by:dougfosterNYC
ID: 12026853
To follow up.  I want to be able to have this run on both servers with the same environment.  I have more control over the local server, so i want to make the change on my machine, with the <identity> statement set as true.  
0
 
LVL 33

Expert Comment

by:raterus
ID: 12026895
<identity impersonate="true" /> will assume the identity of the authenticated user connected to IIS (usually replacing the ASPNET user).  Here is some more info on which permissions are set.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetAP05.asp
0
 
LVL 33

Expert Comment

by:raterus
ID: 12026916
What type of authentication are you using on IIS?  (it's under the directory security tab of the directory)  Anonymous/Integrated Windows/Basic/Digest?  If you can tell me this I can tell you who should have permissions where based on your impersonation.
0
 

Author Comment

by:dougfosterNYC
ID: 12027643
I'm using Anonymous authentication.  
0
 
LVL 7

Expert Comment

by:Fred Goodwin
ID: 12027841
If you are using anonymous authentication then IIS will ignore your windows auth.  If this is on an Active directory domain try turning off the Anon auth and just leave windows auth on.  If it is not on a win domain try using basic auth.  Basic auth is not very secure as it sends usernames and passwords in plain text but it will tell us if it is a rights issue.  My first thought was this is the IIS 2 hop issue where you lose credentials on the second hop but it looks like that is not the problem.
0
 
LVL 10

Accepted Solution

by:
jnhorst earned 750 total points
ID: 12028182
From your comments above it looks like the Access database is on the production server and when you try to access it from your dev machine you are trying to access it by way of a network filesystem share.  Am I right on this?  If this is the case, what is happening is that when you try to access it over the network, that attempt is being made in the security context of the IUSR_ account *on your dev box*.  Your production server knows nothing about the IUSR_ account on your dev box and is reejcting the attempt.  What you need to do is create a domain/Active Directory account specifically for authenticating anonymous requests.  Then on both your production server and dev box, set IIS to authentocate anonymoous requests with this account rather than the local IUSR_ accounts.  Of course you will need to give this new domain account the proper permissions to access the MDB file on the production server.

John
0
 
LVL 10

Expert Comment

by:jnhorst
ID: 12028215
Also, keep <identity impersonate="true" /> in web.config.

John
0
 

Author Comment

by:dougfosterNYC
ID: 12028470
I have the Access database on both machines.  I'm trying to have the two machines do the exact same thing.  The only difference is that I'm testing on my own machine so the browser (me, when I'm testing) is on the localserver, so that might be confusing things.  
0
 
LVL 33

Expert Comment

by:raterus
ID: 12029996
If you impersonate with anonymous authentication, both your aspx pages and the database will need to have permissions of the anonymous user configured in IIS.  Is this the case?
0
 
LVL 9

Expert Comment

by:hismightiness
ID: 12068925
Arrrggghhh!!!!  This got me for a long time before I figured out what was happening.  That's one of the a,azingly high number of reasons why I do not use Access for anything anymore.  However, jnhorst has this one right on the money.  This will forever be a sore spot for me.  

dougfosterNYC, the more I develop, the more I find that the Web.Config will almost never be the same in both environments.  However, the rest of the files (barring updates) will.  the reason for this is that on your development machine, you are running as yourself with what I assume is administrative (or close) priveledges.  Whenever you perform network requests, YOUR windows login credentials will always be used.  While developing with Visual Studio, a lot of that is so transparent now that it gets so easy to hit road blocks if you aren't paying attention.  It gets to where you oftentimes cannot tell if you are sending a request to IIS, or other way through the network and windows.

This opens another big can of worms where you can use aspnet_wp.exe to authenticate all request types by file extension...
0
 

Author Comment

by:dougfosterNYC
ID: 12069294
Thanks guys.  I basically got something running, although my web.config is different on each machine.  
0
 
LVL 9

Expert Comment

by:hismightiness
ID: 12069441
** Correction for me - aspnet_wp.exe should be aspnet_isapi.exe **
D'oh!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick way to get a menu to work on our website, is using the Menu control and assign it to a web.sitemap using SiteMapDataSource. Example of web.sitemap file: (CODE) Sample code to add to the page menu: (CODE) Running the application, we wi…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses
Course of the Month15 days, 2 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question