Solved

<identity impersonate="true" /> and local server

Posted on 2004-09-10
Last Modified: 2011-08-18
I have a site that has an insert statement for an MS Access file, and if I don't have the <identity impersonate="true" /> in the web.config file it runs OK on my local server but not on the production server. If I add it, it works fine on the production server but I get an error on my local server.  Both machines have read/write/modify for the mdb file for Everyone and IUSR.  

Am I missing something on the settings?  What's not set on my local server that needs to be for the <identity impersonate="true" /> statement?  
Question by:dougfosterNYC
16 Comments
 
LVL 7

Expert Comment

by:Fred Goodwin
ID: 12026680
Does the Access file reside on the web server?
Are you using Windows Authentication?
0
 
LVL 33

Expert Comment

by:raterus
ID: 12026701
Can you give more info on this error?  Can you confirm it is directly related to the mdb file, or could it be an aspx page.  When you set <identity impersonate="true" /> your aspx pages themselves are going to need to have permission set for this impersonated user.
0
 

Author Comment

by:dougfosterNYC
ID: 12026761
Yes, the Access file is on the web server.  It's just an MDB file in the same directory (or DB subdirectory) of the web site.  I wish I was more knowledgeable about authentication, otherwise I probably wouldn't be so confused here.  On my local server I just set it to read/write/modify in the file properties and gave it to Everyone, which also goes to IUSR.  

The question is, what does the <identity impersonate="true" /> statement do?  With this statement the file is updateable on the production server but not when I run it locally on my server.  When I don't have the statement in, it runs fine on my local server and I can update the MDB file.  
0
 

Author Comment

by:dougfosterNYC
ID: 12026822
OK, I'm not being clear here.  I have this site working on two servers, my own and a production server.  I can get the insert action working on both servers, but it works on the production server with the <identity impersonate="true"> in the web.config file and on my local machine when I don't have the statement in.  So it shouldn't be a problem with an aspx file.  

I don't understand authentication that well, so it should be a simple setting, or something, that I change on my local server.  Maybe it's because I come in on my local browser and the authentication is different because it's localserver.  
0
 

Author Comment

by:dougfosterNYC
ID: 12026853
To follow up: I want to be able to have this run on both servers with the same environment.  I have more control over the local server, so I want to make the change on my machine, with the <identity> statement set as true.  
0
 
LVL 33

Expert Comment

by:raterus
ID: 12026895
<identity impersonate="true" /> will assume the identity of the authenticated user connected to IIS (usually replacing the ASPNET user).  Here is some more info on which permissions are set.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetAP05.asp
0
 
LVL 33

Expert Comment

by:raterus
ID: 12026916
What type of authentication are you using on IIS?  (it's under the directory security tab of the directory)  Anonymous/Integrated Windows/Basic/Digest?  If you can tell me this I can tell you who should have permissions where based on your impersonation.
0
 

Author Comment

by:dougfosterNYC
ID: 12027643
I'm using Anonymous authentication.  
0
 
LVL 7

Expert Comment

by:Fred Goodwin
ID: 12027841
If you are using anonymous authentication then IIS will ignore your Windows auth.  If this is on an Active Directory domain, try turning off the Anon auth and just leave Windows auth on.  If it is not on a win domain, try using basic auth.  Basic auth is not very secure as it sends usernames and passwords in plain text, but it will tell us if it is a rights issue.  My first thought was this is the IIS 2 hop issue where you lose credentials on the second hop, but it looks like that is not the problem.
0
 
LVL 10

Accepted Solution

by:
jnhorst earned 750 total points
ID: 12028182
From your comments above it looks like the Access database is on the production server and when you try to access it from your dev machine you are trying to access it by way of a network filesystem share.  Am I right on this?  If this is the case, what is happening is that when you try to access it over the network, that attempt is being made in the security context of the IUSR_ account *on your dev box*.  Your production server knows nothing about the IUSR_ account on your dev box and is rejecting the attempt.  What you need to do is create a domain/Active Directory account specifically for authenticating anonymous requests.  Then on both your production server and dev box, set IIS to authenticate anonymous requests with this account rather than the local IUSR_ accounts.  Of course you will need to give this new domain account the proper permissions to access the MDB file on the production server.

John
0
 
LVL 10

Expert Comment

by:jnhorst
ID: 12028215
Also, keep <identity impersonate="true" /> in web.config.

John
0
 

Author Comment

by:dougfosterNYC
ID: 12028470
I have the Access database on both machines.  I'm trying to have the two machines do the exact same thing.  The only difference is that I'm testing on my own machine so the browser (me, when I'm testing) is on the localserver, so that might be confusing things.  
0
 
LVL 33

Expert Comment

by:raterus
ID: 12029996
If you impersonate with anonymous authentication, both your aspx pages and the database will need to have permissions of the anonymous user configured in IIS.  Is this the case?
0
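
Added example, not part of any post in this thread: a small diagnostic handler that shows which Windows account a request actually runs as on each server and whether that account can write to the database folder. The file name `WhoAmI.ashx`, the class name and the `~/DB` folder are assumptions; adjust the path to wherever the MDB lives.

```csharp
<%@ WebHandler Language="C#" Class="WhoAmI" %>
// Hypothetical WhoAmI.ashx, added for illustration; not code from the thread.
using System;
using System.IO;
using System.Security.Principal;
using System.Web;

public class WhoAmI : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext ctx)
    {
        HttpResponse r = ctx.Response;
        r.ContentType = "text/plain";

        // Account the request thread runs as right now. With impersonate="true"
        // and anonymous access this is the IIS anonymous account; without
        // impersonation it is the ASP.NET worker process account.
        r.Write("Thread identity : " + WindowsIdentity.GetCurrent().Name + "\r\n");

        // User that IIS authenticated for this request (empty for anonymous).
        r.Write("LOGON_USER      : " + ctx.Request.ServerVariables["LOGON_USER"] + "\r\n");
        bool authed = ctx.User != null && ctx.User.Identity.IsAuthenticated;
        r.Write("Authenticated   : " + authed + "\r\n");

        // Assumed location of the MDB; change to match the site.
        string dbDir = ctx.Server.MapPath("~/DB");
        r.Write("Folder writable : " + CanWrite(dbDir) + "\r\n");
    }

    // Jet creates a lock file (.ldb) beside the .mdb, so the effective account
    // needs create/write/delete rights on the folder, not only on the file.
    static string CanWrite(string dir)
    {
        string probe = Path.Combine(dir, "probe_" + Guid.NewGuid().ToString("N") + ".tmp");
        try
        {
            using (FileStream fs = File.Create(probe)) { }
            File.Delete(probe);
            return "yes";
        }
        catch (UnauthorizedAccessException) { return "no (access denied)"; }
        catch (Exception ex) { return "no (" + ex.GetType().Name + ")"; }
    }
}
```

Request it on both servers with and without `<identity impersonate="true" />` and compare the reported accounts against the NTFS permissions on the folder. Remove the handler afterwards, since it discloses account names.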
 
LVL 9

Expert Comment

by:hismightiness
ID: 12068925
Arrrggghhh!!!!  This got me for a long time before I figured out what was happening.  That's one of the amazingly high number of reasons why I do not use Access for anything anymore.  However, jnhorst has this one right on the money.  This will forever be a sore spot for me.  

dougfosterNYC, the more I develop, the more I find that the Web.Config will almost never be the same in both environments.  However, the rest of the files (barring updates) will.  The reason for this is that on your development machine, you are running as yourself with what I assume is administrative (or close) privileges.  Whenever you perform network requests, YOUR Windows login credentials will always be used.  While developing with Visual Studio, a lot of that is so transparent now that it gets so easy to hit road blocks if you aren't paying attention.  It gets to where you oftentimes cannot tell if you are sending a request to IIS, or other way through the network and Windows.

This opens another big can of worms where you can use aspnet_wp.exe to authenticate all request types by file extension...
0
 

Author Comment

by:dougfosterNYC
ID: 12069294
Thanks guys.  I basically got something running, although my web.config is different on each machine.  
0
 
LVL 9

Expert Comment

by:hismightiness
ID: 12069441
** Correction for me - aspnet_wp.exe should be aspnet_isapi.exe **
D'oh!
0


Question has a verified solution.
