IIS7.5 MS Access Authentication

Question

I have IIS7.5 with two websites, and I have an Access database on a server on our network.

The first website has anonymous auth on, using a specific network account (lets say 'jim.smith').

The second website has windows auth on.

I've written some ASP to use a DSN-Less connection to the Access database, and I'm using the same code in both websites.

When logged on to a computer with the same network account as is in use with the first website anonymous setting ('jim.smith') - when viewing in a browser, the first website has access to the database, the second website does not.

The error message is: 80004005 The Microsoft Jet database engine cannot open the file '...'. It is already opened exclusively by another user, or you need permission to view its data.

It is definitely not opened by another user.

So the first website is being accessed by network user 'jim.smith' via the anonymous setting.

The second website is being accessed by network user 'jim.smith' via windows auth.

Why would access to the database work from website one, and not website two..?

Does anyone know how to make windows auth work the same as the anonymous setting so I have access to the database from website two..?

Cheers!

Steve

Edit: Everyone has full rights to the folder where the database sits.

Have you looked at permissions on the folder? Access creates a lock file (ldb) and if users do not have permissions on the folder, they cannot access the lock file and therefore cannot use the database. — Fionnuala, Mar 08 '12 at 12:36
Yes, sorry, should've said that, everyone has full rights to the folder. But like I said, it should be the same user (jim.smith) being used from both websites anyway, so the same level of permissions *should* apply. The difference is one website is anonymous (using jim.smith's account) and one is windows auth (logged on as jim.smith). — Stephen Last, Mar 08 '12 at 13:14

score 0 · Answer 1 · answered Mar 08 '12 at 14:11

Seems to me that you need to enable impersonation so that the incoming user is used to acces the database. Otherwise the user of the application pool is used and this usually doesn't even have right on the server itself ( Application Pool Identity)

When using 'Integrated Pipeline' on IIS on the server, and if your application does not rely on impersonating the requesting user in the 'BeginRequest' and 'AuthenticateRequest' stages (the only stages where impersonation is not possible in Integrated mode), but still requires Impersonation in other areas of the application, ignore this error (500 - Internal Server Error) by adding the following to your application’s web.config

<system.webServer>
      <validation validateIntegratedModeConfiguration="false"/>
</system.webServer>

See: http://allen-conway-dotnet.blogspot.com/2010/11/how-to-use-impersonation-in-aspnet.html

Thanks for the reply Schwarzie2478, I tried adding this line to my web.config file but it still doesn't work. For the record, I'm using Classic ASP not .NET. — Stephen Last, Mar 08 '12 at 14:35

IIS7.5 MS Access Authentication

1 Answers1