Solved

Visual Studio and Server 2003

Posted on 2006-07-02
11
671 Views
Last Modified: 2012-08-13
I am a Linux person that is moving to Windows technology. I cannot get Visual Studio 2005 Pro to connect with my Windows 2003 Server. I do not understand the Windows authentication system at all. If I use advanced digest where am I entering this information? Active Directory, yes, but where? Nothing works after several weeks. I miss Apache and SSH2.
0
Comment
Question by:blackmar
  • 3
  • 2
  • 2
  • +1
11 Comments
 
LVL 6

Accepted Solution

by:
engineer_dell earned 25 total points
ID: 17030686
0
 

Author Comment

by:blackmar
ID: 17033609
How do you ftp to Win Server 2003 from VS2005? Anonymous. How does it choose which credentials it uses? Why can I not add files when I am "logged on"? Why is it not encrypted when it is not anonymous? This is backward. How do I just get a freaking login screen like every other authentication system in computer history. Why does Microsoft suck at everything they have ever done or will do????
0
 
LVL 16

Assisted Solution

by:Redwulf__53
Redwulf__53 earned 25 total points
ID: 17035448
Please calm down. I understand your frustration, but it's just another world. It's not that one is necesserily better than the other, it's just what books you've read and there is no point in MS bashing in the Windows forum.....

First of all: am I correct to assume you are trying to connect to a server to develop a Web Application?
It's fundamental to understand that VS does NOT use FTP to push the web app to IIS, but WebDAV over HTTP protocol.
In that case; it's most sensible to develop the application locally on the webserver of your dev workstation, then when you're done use "Deploy to production server", but it is possible to do the actual development on a remote server, but you'll need to configure some additional debugging on the server. In this case, in the screen where you set up your new project, instead of http://localhost/WebApplication1, choose the url of your 2003 server. If you insist on encryption for the publication, use https.
It's fundamental to understand that VS does NOT use FTP to push the web app to IIS, but WebDAV over HTTP protocol.
When your development workstation is member of the same domain as the server, in IIS you only need to allow "Integrated Authentication", not the "Digest authentication" method.
Please let us know specifically what your setup is and what you need to do and we'll get you up and running.
0
 

Author Comment

by:blackmar
ID: 17038881
Thank you for the response.

I have setup an admin user in Active Directory. I have installed the Front Page extensions. I am at least getting a promt for a user/pass and it is connecting, but it will not let me add directories or place files. It says: The folder " " is an executable. You are not allowed to put folders into an executable on this folder.

It must be a permissions issue but it is an admin level login and I have provided "full control" to the user in IIS.

If I keep the project local and use the "copy to site" function, it connects but will not transfer files. The log says:
Unable to add folder 'App_Data' to the Web.  Cannot create folder "App_Data".

I still do not understand the Windows Authetication system. If it does not promt for a user/pass how does it determine which credentials to use. If I uncheck "anonymous" it warns me the login info will be sent clear text.

0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 16

Expert Comment

by:Redwulf__53
ID: 17040511
" have setup an admin user in Active Directory. I have installed the Front Page extensions. I am at least getting a promt for a user/pass and it is connecting, but it will not let me add directories or place files. It says: The folder " " is an executable. You are not allowed to put folders into an executable on this folder. "
->IIS by default does not allow a lot of things, even for the administrator, so it is more secure "out of the box". Use the Internet Information Services management console to allow these. In the Properties of the web site, on the Home Directory tab, enable Write. To enable your EXE files to run from the web page, you may need to set Execute Permissions to "scripts and executables".  These permissions are for HTTP access to the site. Additionaly, the permissions on the site are dictated by the file permissions (NTFS permissions) on the c:\inetpub\wwwroot folders. When you enable "anonymous access", IIS uses the "IUSR_computername" user account to impersonate. This account should therefore have Read access to this folder.

"I still do not understand the Windows Authetication system. If it does not promt for a user/pass how does it determine which credentials to use. If I uncheck "anonymous" it warns me the login info will be sent clear text"
-> If Anonymous is enabled, the browser will try to get the pages first without login. When there's an Access Denied, the browser will try to use the Windows user account you're logged in with  at the client PC first. If that also doesn't work, the browser will prompt for credentials. With integrated authentication, the password WILL be encrypted, but with the other methods it will be plain text.
0
 
LVL 12

Expert Comment

by:GinEric
ID: 17041011
Windows has grown up.  What you're most likely missing is the RSA key pairs, the Certificates as Windows calls them.

If you know Secure Shell, then you know that the ssh requires keys.  If it doesn't find them, it reverts to the login prompt and basic plain text.

Additionally, there are a lot of new features in Windows Server 2003, things like DCOM [Distributed Component Object Model], which means that everything now has to have permissions, users, applications, files, directories, even to launch and run.

The problem with Windows exporer products, Internet Explorer, Windows Explorer, most of their integrated ftp and other stuff "remember" the username and password of the user accessing things.  This means that if you try to login to somewhere else, Windows tries to do it with that old information.  The general result is Access Denied.  That's because Windows sent a username and password that probably don't match the account being logged into.  This is further exascerbated by Windows generally disallowing a blank password, for things like guest, and screwing up the email as a password for anonymous.  Add to that the requirements for password complexity rules by Windows and login is almost certain to be denied.

"If I keep the project local and use the 'copy to site' function, it connects but will not transfer files. The log says:  Unable to add folder 'App_Data' to the Web.  Cannot create folder 'App_Data.'" this is almost certainly a DCOM problem, that is, writing to the directory itself is forbidden by the combination of Data Execution Prevention [DEP] and DCOM.  Secondly, if you're using Internet Information Server [IIS], you must give write permissions for that directory, preferably on a per user basis, and, you may have to provide for remote access permissions as well.

All of the current Windows permissions and security is basically a clone of the Linux chmod permissions, think of it that way, but now you'll have to figure out how to chmod with the Windows gooey [Graphical User Interface (GUI)], rather than a text editor or a commandline.

Yep, you're going to have to do a lot of reading and figure out where all of this stuff is set by point and click in Windows.

A "digest" is a hash.  RSA and others are hashes and digests.  You have to have the right ones at both ends and you have to have private and public keys, even if their called "certificates."  Things must "jibe" or it won't work, the login that is.  Your session key is based on these, just as it is in Linux.  If that key is invalid, then you have no permissions.  The encryption and decryption is in the key pair.  You need two keys to gain access, a public key and a private key, which also means you need keys on the server and the workstation.  Access is further delineated by the three realms of Windows authentication, login, permissions, and DCOM.  Although you may also have to adjust the COM section under
Component Services | Computers | My Computer | COM + Apllications

Remember that all other permissions affect all other permissions, and if one deny is in any of them, generally, you will get Access Denied for whatever you try to do.

So, it will be a bit of reading to get a full understanding of how programs and users interact.

Good luck!
0
 

Author Comment

by:blackmar
ID: 17061957
I am able to login. VS is adding the folder but then saying I cannot add an executeable to it. The permissions ARE set to allow the files. Anyone out there know anything about Windows Server? I should not have to read 500 pages of manuals to add one file to my server. It is some kind of permissions issue, the authentication phase of the nightmare is past.
0
 
LVL 12

Expert Comment

by:GinEric
ID: 17064119
"VS is adding the folder but then saying I cannot add an executeable to it."

Then you don't have write permissions to that folder.  Any deny access in the chain will stop you.  Whether it's in the COM section or the DCOM section, this is how Windows Server 2003 works.  When you're doing an install, watch for "setting COM permissions."  It may also say something about DCOM, but I've seen most installs do this.

I'm installing Visual Studio now, so I'll get a better picture of how it installs.

I didn't want to read 500 pages of manuals either, but have no choice, since Windows Server 2003 won't let most applications run out of the box.

It wouldn't let my nVidia drivers and software run and they're part of the motherboard driver set.  This was very frustrating.

Start | Administrative Tools | Component Services

under Component Service | Computers | My Computer

there is COM+ Applications and DCOM Config

are about a gazillion new permissions!  Also, see this to understand how difficult it is to get something working because of these new permissions schemes: http://www.musics.com/manhtml/nVidia/A_21870899.Q_21870899.html#FixnVidia

This all happened once the role of Domain Controller was assigned to the box.

By the way, this is a Linux creation ported to Windows.  It was ported to Linux from Unix.  It was ported to Unix from mainframes and the Distributed Component Object Model.  To understand it, you should, as an administrator or a programmer, understand the Component Object Model and the Distributed Component Object Model.  The whole purpose of which is to control everything as if all things on a computer were treated as a file, which they are in Unix and Linux and now Windows.  Whether you call it a file or an object makes no difference, it all means the same thing, Object Oriented Programming, the very basis of C itself.  Which was based on a model predating all of them.  Every function, every user, every tiny little bit, has its own permissions which are supervised by the Operating System.  All this just to keep whacky programs from disrupting the system.

If a program even attempts to break its permissions, it is killed instantly and a dump is taken, usually a small stack dump at first, but if let out of the bag, a system dump will result.

It's an extremely tight permissions system and when you add the hardware design of an Execution Bit, Code Segment Tags, and proper Errorhandling, nothing can get out of the bag and that's the whole point behind modern computer security and 64-bit systems.  I said this before, the objective is to stop errant programs before they start, ones like viruses and such.  Permissions are set per user, per object, even down to per function [which is an object].  Distributed Component Object Modeling means distributed over a network, running on many machines and many processors, and you can see that any user or function out of control could bring down the entire network and every machine on it.  Therefore, such tight permissions are mandatory.

If "inherit permissions" are set and the permissions disallow setting any Execution Bit or permissions, you may not, in fact, be able to add an executeable to a directory.  Understand?

Two important permissions are "Launch" and "Execute."  So you need two permission now to run anything.  The user must have these permissions and the application that the user is trying to run must have these permissions.  If an application is the user or service, then it must have both permissions.  There can also be no permission in the entire chain that disallows these permissions.

You didn't want to read the manuals, so there's the whole thing in a nutshell.

Be back after Visual Studio is installed.

0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

As the title indicates, I have done this before. It chills me everytime I update the OS on my phone, (http://www.experts-exchange.com/articles/18084/Upgrading-to-Android-5-0-Lollipop.html) because one time I did this and I essentially had a bricked …
I use more than 1 computer in my office for various reasons. Multiple keyboards and mice take up more than just extra space, they make working a little more complicated. Using one mouse and keyboard for all of my computers makes life easier. This co…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now