Date: Tue, 7 Jun 2005 05:19:51 -0600
Reply-To: Alan Churchill <SASL001@SAVIAN.NET>
Sender: "SAS(r) Discussion" <SAS-L@LISTSERV.UGA.EDU>
From: Alan Churchill <SASL001@SAVIAN.NET>
Subject: Re: DCOM (for ASP) & Windows 2003 Server Configuration
In-Reply-To: <003501c56ab6$7701b580$05a8fea9@SELMA>
Content-Type: text/plain; charset="US-ASCII"
DJ,
Glad that this all worked out. Rich is one of the best support guys at SAS
so not surprised that he was the one that got it working.
All of that security in IIS is necessary but it could be easier to trace
where the failing happens. Since I am here at TechEd this week, I'll try and
ask the Microsoft guys about IIS7 and what they expect to do to simplify
debugging security errors. They have put up some tools recently to simplify
it but this is a common issue when deploying SAS Integration Technologies.
Also, I would suggest you make sure that you lock down or validate any
textboxes on your webpages so that someone can't do something like this
(pseudo-code):
First Name: Alan; %macro hack; x 'format c:\';%mend hack; %hack;
You've authorized a user to the system so you don't want them going where
the shouldn't or submitting something malicious through a textbox.
Thanks,
Alan
Savian
"Bridging SAS and Microsoft Technologies"
-----Original Message-----
From: DJ Penix [mailto:dj.penix@psiconsultants.com]
Sent: Monday, June 06, 2005 10:41 AM
To: 'Alan Churchill'; SAS-L@LISTSERV.UGA.EDU
Subject: RE: DCOM (for ASP) & Windows 2003 Server Configuration
Alan -
With some help from SAS Tech Support (kudos to Rich Lee at SAS!) we were
able to isolate the problem and configure it correctly to get the
application working. I figured it was a simple configuration
modification, and it was. Here's what we did:
In the "SAS: IOM DCOM Server Properties" (specific to SAS 8.2 and IIS6.0
configuration!!) we needed to specify that the user account to run the
application is "This user:" and create an account that has read/write
permissions to SASWORK and SASUSER.
Note that this is different from the current production system (SAS 8.2
and IIS5.0) where we can specify "The launching user".
I believe you had indicated this as an option for me to try during our
phone conversation as well. I appreciate you pulling some time away
during your vacation to discuss some options with me over the phone.
I am also very curious to play with your .NET configuration. I will play
with that on our SAS 9.1.3 server. We're running Apache web server
though so I don't anticipate as many security issues as the IIS6
configuration!
D.J. Penix
Pinnacle Solutions
www.psiconsultants.com
-----Original Message-----
From: SAS(r) Discussion [mailto:SAS-L@LISTSERV.UGA.EDU] On Behalf Of
Alan Churchill
Sent: Thursday, June 02, 2005 7:29 PM
To: SAS-L@LISTSERV.UGA.EDU
Subject: Re: DCOM (for ASP) & Windows 2003 Server Configuration
DJ,
Here is some more info beyond what we discussed on the phone.
First of all, this isn't an 8.2 vs 9.13 issue as far as I know. Please
make
sure all of your 8.2 patches are up to date.
I honestly think that you may not be able to connect classic ASP to a
DCOM
service under Windows Server 2003 due to security considerations.
Nonetheless, here is a checklist that may help out.
The below is for IOM but you can also look at using local since you are
running on the same server. Another consideration is to redevelop the
app
under ASP.Net and avoid the security issues you are seeing.
Here is the configuration for a .NET/SAS website which should provide
clues:
=======================================================================
====
Instructions for setting up the SAS-Microsoft .NET Demo Web Page
Prerequisites
Microsoft
.NET Framework
IIS 6.0 or later
Visual Studios.NET (optional)
SQL Server (optional for certain features)
SAS
Base SAS 9.0
Integration Technologies
Installation of demo
1. Unzip the demo to c:\ and accept the option of keeping existing
file
names. This is the default directory for an IIS install. If you have
placed
your web directory in a different location, you may need to make changes
in
the actual demo.
Set up a new user
1. Add a new user to the system. Here are the details:
. Username: sastest
. Password: sastest
2. Set it up so that the user does not expire and doesn't have to
change their password next logon
Create a shortcut to start SAS
1. Assuming that SAS is installed in its default location, create a
shortcut on your desktop with the following properties:
. Target: "C:\Program Files\SAS\SAS System\9.0\sas.exe"
-objectserver
-objectserverparms "port=1234 protocol=bridge lockserver" -noterminal
-nologo
. Start in: "C:\Program Files\SAS\SAS System\9.0"
Configuring IIS
1. Go to your default website in IIS.
2. Select 'SAS' website, properties, 'Directory' tab, and 'Create'
under Application Settings. If you only see 'Remove' then you are set up
properly. You should see the 'SAS' as the application name.
3. Select 'SASWebService' website, properties, 'Directory' tab, and
'Create' under Application Settings. If you only see 'Remove' then you
are
set up properly. You should see the 'SASWebService' as the application
name.
4. Select 'demo' website (under 'SAS' website), properties,
'Directory'
tab, and 'Create' under Application Settings. If you only see 'Remove'
then
you are set up properly. You should see the 'demo' as the application
name.
Configuring COM
1. Go to a command prompt and type in 'dcomcnfg'
2. Under 'Component Services', select 'Computers', 'My Computer',
'DCOM
Config'
3. Go to the properties of SAS IOM DCOM Servers, Under General, set
the
application security settings to None. If in a production environment,
you
would want this to be more secure but this will suffice for the demo.
Configuring Local Security Settings
1. Go to Administrative Tools, Local Security Policy, Local
Policies,
User Rights Assignment
2. Double-click on "Log on as a batch service" and add in 'sastest'
Start the service
1. Start the SAS service from your shortcut created earlier
2. Open up a web browser window and type in the following:
http://localhost/sasasp/default.aspx
=======================================================================
===
Thanks,
Alan
Savian
"Bridging SAS and Microsoft Technologies"
-----Original Message-----
From: SAS(r) Discussion [mailto:SAS-L@LISTSERV.UGA.EDU] On Behalf Of DJ
Penix
Sent: Thursday, June 02, 2005 5:15 PM
To: SAS-L@LISTSERV.UGA.EDU
Subject: DCOM (for ASP) & Windows 2003 Server Configuration
We're struggling with getting SAS 8.2 Integration Technologies & DCOM
configured for the Windows 2003 Advanced Server which runs Internet
Information Services (IIS) version 6. We can get the direct connection
to test correctly using the SAS IT Administrator utility; however we are
not able to run any ASP on the IIS web server. We are very confident
that we are not setting a permission correctly in DCOM and/or IIS 6 to
allow the application to work correctly.
All of the documentation from SAS regarding DCOM and SAS IT
configuration refers to Windows 2003 Server AND SAS 9.1.3. We cannot
find documentation for Windows 2003 Server and SAS 8.2. Unfortunately
upgrading to SAS 9 on this server is not an option until late 2005 /
early 2006 so we need to figure this out with SAS 8.2.
The permissions and DCOM configuration "wizards" are different from the
Windows 2000/XP servers and Windows 2003 server.
Is anyone aware of documentation for SAS 8.2 Integration Technologies
(DCOM for ASP) and Windows 2003 Server? Or has anyone else had similar
experiences configuring Windows 2003 Server permissions?
Thanks in advance.
DJ
