Unspecified error - Permissions

D

dancer

Using Asp.net 1.1 and Vb.net

I am learning to update a database using the following:

DBConnection = New OledbConnection("Provider=Microsoft.Jet.Oledb.4.0;" & _
"Data Source=C:\Inetpub\wwwroot\Acc.mdb" )

My application works with no problem on my remote host computer.

On my own computer, using iis and localhost to test it, I got the error,
"Operation must use an updateable query."

1. As instructed, to get rid of this error, I gave full permissions for the
folder, "wwwroot", where the Acc.mdb file resides, to the account - in this
case it was "Internet Guest Account( ..... )" (This seemed the logical
choice) I did it by right clicking on the folder name, then clicking
properties, then security, and scrolling to the account name.

I still got the error message.
This account name does not exist on the folder, "Inetpub" if I right click,
properties, etc.

2. As instructed, I went to the config folder - path -
Winnt\Microsoft.net\Framework\v1.14322\config\machine config, and changed
<identity impersonate="false"> to <identity impersonate="true">

NOW, I get the message System.Data.OleDb.OleDbException: Unspecified
error,
the line called out as the problem being "DBConnection.Open()" which
follows the DBConnect = New.... above

Who has the answer?

Thank you.
 
N

nahid

Using Asp.net 1.1 and Vb.net

I am learning to update a database using the following:

DBConnection = New OledbConnection("Provider=Microsoft.Jet.Oledb.4.0;" & _
"Data Source=C:\Inetpub\wwwroot\Acc.mdb" )

My application works with no problem on my remote host computer.

On my own computer, using iis and localhost to test it, I got the error,
"Operation must use an updateable query."

1. As instructed, to get rid of this error, I gave full permissions for the
folder, "wwwroot", where the Acc.mdb file resides, to the account - in this
case it was "Internet Guest Account( ..... )" (This seemed the logical
choice) I did it by right clicking on the folder name, then clicking
properties, then security, and scrolling to the account name.

I still got the error message.
This account name does not exist on the folder, "Inetpub" if I right click,
properties, etc.

2. As instructed, I went to the config folder - path -
Winnt\Microsoft.net\Framework\v1.14322\config\machine config, and changed
<identity impersonate="false"> to <identity impersonate="true">

NOW, I get the message System.Data.OleDb.OleDbException: Unspecified
error,
the line called out as the problem being "DBConnection.Open()" which
follows the DBConnect = New.... above

Who has the answer?

Thank you.
Click to expand...

hi,
also set a valid user and password
<identity impersonate="true" userName="xx" password="xx"/>

nahid
http://nahidulkibria.blogspot.com/
http://www.kaz.com.bd
 
D

dancer

The previous reply was nothing - only a slip of my finger.

RE: also set a valid user and password
<identity impersonate="true" userName="xx" password="xx"/>
Click to expand...

Then how would I use the user name and password? Would there be code in my
application that would apply the user name and password?
If so, how?

Thanks
 
N

nahid

The previous reply was nothing - only a slip of my finger.

RE: also set a valid user and password


Then how would I use the user name and password? Would there be code in my
application that would apply the user name and password?
If so, how?

Thanks








- Show quoted text -
Click to expand...

hi its ok,
no user name and password should be a power user of the server you
host your application to get all privilege of that user
check it out
http://support.microsoft.com/kb/306158

nahid
http://nahidulkibria.blogspot.com/
http://www.kaz.com.bd
 
D

dancer

I went to your recommended site, and this is what I found.


"By default, the Aspnet_wp.exe process runs under a computer account named
ASPNET. However, this account does not have the required privileges to
impersonate a specific user. You receive an error message if you try to
impersonate a specific user. This information applies only to the .NET
Framework 1.0. This privilege is not required for the .NET Framework 1.1."

I am using 1.1 not 1.0. This language seems to say I shouldn't have to
change the identity impersonate, etc. or am I misunderstanding?

Thank you.
 
J

Juan T. Llibre

dancer,

Save the following code as "identity.aspx" and run it.


identity.aspx:
-------------------
<%@ Page Language="VB" %>
<%@ Import NameSpace = System.Security.Principal %>
<script runat="server">
Sub Page_Load()
Dim tmp As String = WindowsIdentity.GetCurrent.Name()
Label1.Text = "ASP.NET is running as the account : " & tmp
End Sub
</script>
<html>
<head>
<title>What account is ASP.NET running as ?</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Label ID="Label1" Runat="server" Text="Label"></asp:Label>
</div>
</form>
</body>
</html>
------------

Running that script will tell you the account ASP.NET is running as.

Giving that account permission to access/modify C:\Inetpub\wwwroot\Acc.mdb
should eliminate the problem you're having.

You do not have to impersonate, unless you are accessing a file on a network share so,
if you don't need to do that, eliminate the "impersonate" entry in web.config, and just
give access permission to whichever account identity.aspx returns.






Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
 
D

dancer

Thank you, Juan, for answering.
I changed back the config file. I ran your code. The results were "ASP.NET
is running as the account: SANDRAST\IUSR_SANDRAST."

This is the same account I gave full control before, except it is listed as
Internet Guest Account(SANDRAST\IUSR_SANDRAST)
I checked to see if it still has full control.
Now I get the former error, "Operation must use an updateable query."
The folder I gave permissions to was "wwwroot". (where my file is located)
The folder over it, "InetPub" does not have that account listed in the group
of accounts. Should I try to get that account there too?
 
J

Juan T. Llibre

dancer,

didn't we go over this problem with you a few days ago ?

You are running on Windows XP, right ?

The default account for ASP.NET on Windows XP is ASPNET.
In your case, it would be SANDRAST\ASPNET

If the account ASP.NET is running as is SANDRAST\IUSR_SANDRAST,
then you must be impersonating the ASP.NET account, and you have

<identity impersonate="true" />

....in you web.config.

Get rid of that, or change it to :

<identity impersonate="false" />

....and run identity.aspx again.

NOW, the account returned should be SANDRAST\ASPNET or, simply ASPNET.

THEN, give the ASPNET account permission to the directory where acc.web is located.

Btw, I had also recommended to you that you create an App_Data directory
under wwwroot, so that your database's security isn't compromised.

Nobody can download your Access database from the App_Data directory.
On the other hand, it would be very easy to download it from the wwwroot directory.

So, create the App_Data directory under wwwroot, do what I say above,
and give the ASPNET account read/write/change permissions to the App_Data directory.

If, for some strange reason, you *still have the IUSR account listed as the
ASP.NET account after you do all that, then open a command window to :

Drive:\WINDOWS\Microsoft.NET\Framework\v2.0.50727

....and issue the following command:

aspnet_regiis -GA SANDRAST\ASPNET

That will reinstate SANDRAST\ASPNET as the default ASP.NET account.

Now, make sure that you have <identity impersonate="false" />
in the web.config...and make sure that acc.mdb is in the App_Data directory,
and make sure that SANDRAST\ASPNET has read/change/write permissions
to the App_Data directory and to all the files in it.

None of this will work, however, if you are not running NTFS as your file system.
If you are not, postback and I'll tell you how to convert your file system to NTFS.

Otherwise, just doing what I've outlined will fix your problem.






Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
 
D

dancer

1. RE: "didn't we go over this problem with you a few days ago ?"
No, you helped with a somewhat different problem on my *Remote Host
Server* And you helped me well. That problem is SOLVED.
This is a problem on my Local Computer for testing purposes.

2. RE: "The default account for ASP.NET on Windows XP is ASPNET.> In your
case, it would be SANDRAST\ASPNET
If the account ASP.NET is running as is SANDRAST\IUSR_SANDRAST, then you
must be impersonating the ASP.NET account, and you have> <identity
impersonate="true" />...in you web.config."

I changed the web.config file to "false", but I had run the
Identity.aspx BEFORE I changed it. Now it *does* say SANDRAST\ASPNET when I
run the Identity.aspx.
But my problem now is that SANDRAST\ASPNET does NOT appear among the user
names on the Security tab of Properties of the folder. There are several
others, but none with ASPNET.

3. RE: " Btw, I had also recommended to you that you create an App_Data
directory under wwwroot, so that your database's security isn't
compromised."

You recommended that for my *Remote Host Server*. The problem I have now
is with my local computer. I'm running iis for *testing purposes* before I
download it to my host server. Would anybody have access to that folder
besides me, since it's not on the internet?

Thank you. You always have a great insight into my problems! I'm betting
you can solve this one too.
 
J

Juan T. Llibre

re:
!> I changed the web.config file to "false", but I had run the Identity.aspx BEFORE I changed it.
!> Now it *does* say SANDRAST\ASPNET when I run the Identity.aspx.

Good. That's a step in the right direction.

re:
!> But my problem now is that SANDRAST\ASPNET does NOT appear among the user
!> names on the Security tab of Properties of the folder. There are several
!> others, but none with ASPNET.

Make sure you do *not* have "simple file sharing" selected for the directory.
That's the default for XP...and prevents assigning permissions.

1. Open Windows Explorer;
2. Tools -> Folder Options -> View tab;
3. Uncheck User simple file sharing (Recommended) box.

After that, you should be able to just write in the ASPNET account name, or search for it.

Also, did you run :

aspnet_regiis -GA SANDRAST\ASPNET

?

That will grant all the permissions needed for the whole wwwroot directory tree,
if you're running NTFS on your boot drive, to the SANDRAST\ASPNET account.

Again, you need to be running NTFS for any of this to work. Are you ?

re:
!> You recommended that for my *Remote Host Server*.

Yes.

re:
!> The problem I have now is with my local computer.
!> I'm running iis for *testing purposes* before I download it to my host server.

And, presumably, that means that you can live with two different database locations in both boxes ?
Wouldn't it be better for you to standardize the folder where the database resides?

Even if there's no security implications for you in your local computer,
doing that will save you a lot of reconfiguration when you upload to the server.

re:
!> Would anybody have access to that folder besides me, since it's not on the internet?

See above...




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
 
D

dancer

"simple file sharing" is not checked.

I cannot write in SANDRASTASPNET, nor does it find it when I search (from
the security tab of the properties of the folder)

I am preparing to give the command aspnet_regiis -GA SANDRAST\ASPNET. But
you said go to c:\WINDOWS\Microsoft.Net\Framework\v2.0.50727. I am using
v.1.1.4322. I assume I should go there. Will the version make any
difference in the command?

Also you said "That will reinstate SANDRAST\ASPNET as the default ASP.NET
account." But when I ran the Identity.aspx it says SANDRAST\ASPX *is* the
account.

I want to get it right before I issue any "commands."

Thank you, Juan.
 
J

Juan T. Llibre

re:
!> Also you said "That will reinstate SANDRAST\ASPNET as the default ASP.NET account."
!> But when I ran the Identity.aspx it says SANDRAST\ASPX *is* the account.

Yes, that's fine as it is.

You *made* it the default account *again* when you removed
the impersonate property from web.config ( or set it to "false" ).

re:
!> I am preparing to give the command aspnet_regiis -GA SANDRAST\ASPNET. But
!> you said go to c:\WINDOWS\Microsoft.Net\Framework\v2.0.50727. I am using
!> v.1.1.4322. I assume I should go there. Will the version make any
!> difference in the command?

aspnet_regiis -GA will not work in the .Net Framework 1.1.
It's a .Net 2.0 feature.

You are going to have to find a way to find the ASPNET account on XP,
so you can add it to the list of accounts which have access to your data directory.






Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
 
D

dancer

Juan,
On a whim, I gave full control to Users(Sandrast\Users) and then ran my app,
AND IT WORKED!
Thank you for getting me back so I could do that.
I *really* *really* appreciate your efforts on my behalf. Not only your
knowledge, but your ability to understand what I'm saying, and your ability
to explain are excellent!
I hope you will look for my posts and continue to help me. I'm slowly - and
sometime erratically - but surely movin' on up!

De dónde es? Dónde recibió su entrenamiento?
 
J

Juan T. Llibre

One last stab...if you're up for it.

Try this :

First, open a command window in

drive:\WINDOWS\Microsoft.NET\Framework\v1.1.4322

and then, run this command :

aspnet_regiis -u

That will *unregister* the .Net Framework with IIS, and delete the ASPNET account.

Then, issue *this* command :

aspnet_regiis -i

That will *recreate* the ASPNET account and assign all the permissions it needs.

That *should* work, now that you have removed the "<impersonation...> code.



Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
 
D

dancer

Juan,
You must have written this reply BEFORE reading my last reply. I have
copied that one here, in case you didn't read it.

Thank you.

On a whim, I gave full control to Users(Sandrast\Users) and then ran my app,
AND IT WORKED!
Thank you for getting me back so I could do that.
I *really* *really* appreciate your efforts on my behalf. Not only your
knowledge, but your ability to understand what I'm saying, and your ability
to explain are excellent!
I hope you will look for my posts and continue to help me. I'm slowly - and
sometime erratically - but surely movin' on up!

De dónde es? Dónde recibió su entrenamiento?
 
J

Juan T. Llibre

re:
!> You must have written this reply BEFORE reading my last reply.

Yes, I posted that before seeing your reply.

re:
!> Thank you.

You're quite welcome...

;-)





Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

ADD RECORDS 14
Unspecified Error - 2
Compilation error - Parameterized update 5
Operation must use an updateable query 3
Unspecified Error! Help 1
Configuration Error Message 8
Line break VB.NET 4
error running off IIS 4

Top