Frontpage Error on form in secured directory

J

jgramke

I've got IIS6 running. I've got a Frontpage generated form in a
subdirectory of this website. I want to limit access to that form to
a certain group of users local AD users.

To do this, I disabled anonymous access in IIS. Next I went to the
ACL's on NTFS, and took away permissions for iusr_machine, interactive,
and network, and added permissions only for the users I wish to be able
to access this form.

The form writes results to _private. When I hit submit, I get

Frontpage Error.
User: please report details to this site's webmaster
Webmaster: please see the server's application event log for more
details.

There are no errors in the application event log.

It all hinges around me taking away permission for the NETWORK user on
the directory containing the form. If I allow permissions for the
NETWORK user, every user on the domain can see the form if they provide
their AD credentials, so I don't want that. If I take permissions
away from NETWORK, then only the users in my specified group can get at
the form, but submitting it causes the above error.

Does anybody have any guesses?
Does anybody know if there is a way to make the error show up in a
logfile somewhere?

Thanks,
Jim
 
T

Thomas A. Rowe

In order to write to the _private folder, the IUSER account must have access. Consider using ASP or
ASP.net to control access and process the form to a database.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================
 
J

jgramke

Thanks for your suggestions Thomas,

ASP would be nice, but it's not an immediate fix. I've got 20
professors, none of whom are programmers, with numerous frontpage forms
established, that broke in our recent IIS5 -> IIS6 conversion.

As for the permissions on _private -- I've gone as far as to set
_private to "Everyone full control" with no change. It seems it's the
change in permission on the directory where the form resides that makes
the difference.

I'm guessing something with the way the FPSE DLLs need to operate --
but I suerly don't understand their inner workings.
 
T

Thomas A. Rowe

There really shouldn't have been any conversion, just installing the FP extensions on IIS 6, and
then let FP manage permissions, and then publish the from the old server to the new server, should
have been all that was required. Keep in mind that Windows 2003 comes locked down, so security
related features that worked in Windows 2000 by default are disabled by default in Windows 2003 and
must be manually enabled.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================
 
J

jgramke

Thomas, you were right. The problem was that on the directory where
the form resided, I had taken away permission for iusr_machine.
Auditing told me that it was iusr that was failing to gain the
necessary access. It is also necessary to have write access for the
results file in _private.

Thanks for your help!

Jim
 
T

Thomas A. Rowe

Glad you go it solved.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================
 
J

jgramke

True, it's best to let frontpage manage permissions itself. But then
what if you want one directory of a frontpage web to be secured --
accessible only by certain people? The only way I know is to tinker
with the NTFS level permissions. That or create a new nested
subweb. I'd surely like it if there was another option I don't know
about.

Jim
 
T

Thomas A. Rowe

Server-Side Scripting and a database is another option

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a results of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Form not working 5
frontpage error 13
Form Error 4
Microsoft FrontPage: FrontPage Error when sending email from Form 1
FPSE Form using .DAT file type getting FrontPage Error 1
Error Message on FormMailer 1
FrontPage Error with <FORM> 4
FrontPage Error 8

Top