|
NOTE: Please be sure you are an Administrator on your PC before
installing to avoid any issues.
You may have to set the security permissions to enable launch and activation
permissions on the Microsoft Excel/Word/PowerPoint application class within the
component services section. The Component Services can be found within
Administrative Tools, You then open up the Console Root, component services,
computers, my computer, DCOM Config and select the Microsoft Excel Application.
Then click on the security tab and enable launch and activation permissions on
the component for the application / user that is using the component.
Back to Top
A) Make sure that in IIS (Internet Information Server) under directory security
you are not using ‘Integrated Windows Authentication’.
B) Two important things to consider:
-
IIS will be impersonating the client account when
accessing your ActiveX
EXE. Hence, the EXE will need configuring with dcomcnfg.exe in order to
accept connections from different accounts. By default, an ActiveX EXE runs
in the context of the "launching user". Hence, if there are several distinct
client users then you would end up with multiple instances of your ActiveX
EXE running. In the dcomcnfg properties for the EXE, I typically set
'Authentication Level=None' (in the General tab) and a specific user account
in the Identity tab.
-
The ActiveX EXE needs to be registered on both the web
server (where ASP
is running) and on the remote server (where you expect the ActiveX EXE to
run). Also, it must be the same version of that EXE registered in both
locations. When the ASP page comes to access the EXE, the details (either
ProgID or ClsID) are looked up first in the local registry before calling
out to the remote server machine.
C) If you are using Active Directory to authenticate users who would
enter your ‘admin’ section, that is were they can upload and run the Application
(e.g. 'Convert Doc' or 'Diff Doc'). A side effect of them logging via Active
Directory authentication was that it tried to trigger the Application as
that user, who did not have the correct privileges. We took this out and it
worked, the code on the page was,
Here it is:
<%
' Force a username and password
If Request.ServerVariables("LOGON_USER") = "" Then
Response.Status = "401 Access Denied"
Response.End
End If
%>
Back to Top
If any of your other clients are running convertdoc using command line
options and wscript, changing the authentication level to "none" on
convertdoc.clsconvertdoc via dcomcnfg.exe resolved my problem.
Back to Top
-
99.9% of all issues (especially with servers) has to do with installing. You
must install with all the necessary privileges, rights etc. Installing
as an administrator usually solves problems of this nature.
-
When a COM component is run with a specific (not interactive) user
identity, no HKEY_CURRENT_USER registry entries are loaded. Instead,
values from HKEY_USERS\.DEFAULT are used. In this instance, because some
entries relating to installed MS Office components were missing from the
HKEY_USERS\.DEFAULT entries, this resulted in the MS Installer
attempting to install the components each time the COM object was
invoked. Once the missing registry keys were identified (from the
application log using event viewer) it was a simple matter of adding
these to HKEY_USERS\.DEFAULT.
-
More info on COM+ Wrappers, click
HERE.
-
From a customer: "I finally was able to get the COM+ interface within an ASP
page to work as expected. I tried all the recommendations in the FAQ
Security Issues (on-line) without success until I completely removed the
software (including uninstalling it, removing any registry keys, deleting
the actual exe file after rebooting the server) and reinstalled it. I then
made some changes as outlined in the documentation (click
here for this
documentation) and the component finally worked. I’m thinking that the
previous version must be completely removed (files, registry, program) and
then reinstalled.
Back to Top
'Access Denied' error when trying to create an instance of the
Application on a server
Problem : When developing an ASP.Net application on Windows 2003 Server
operating with IIS v6.0 it is possible to get an 'Access Denied' error
when trying to create an instance of the clsConvertDocClass exposed via
Interpop (an instance of UnauthorisedAccess exception).
Resolution : The problem can originate becuase of the security
perissions on the 'Network Service' account - which is the default
identity for an Application Pool. To avoid the error change the identity
under which the Application Pool is created to one that has sufficient
privileges - such as the 'Local System Account'. This can be done on the
'Identity' tab on the Properties dialog for the application pool (found
in IIS Manager).
Back to Top
If we log onto the server using the interactive user account before
starting the COM+ application, ConvertDoc works as expected.
Back to Top
This is caused by the user running the server process not having
permission to run the Excel/Word COM object. The following link explains
it a bit. (Search for
"HKLM\Software\Microsoft\Ole\DefaultAccessPermission".)
http://www.codeguru.com/Cpp/COM-Tech/activex/security/article.php/c5555
In Windows 2003 Server the "DCOMCNFG" command is part of Component
Services (the "DCOM Config" section.) Under "DCOM Config" there is an
entry for "Microsoft Excel Application" which needs to have it's access
permissions and its "launch and activation permissions" set.
Back to Top
|
