Contents Setting Up a COM/DCOM Server Previous Next

Accessing a Local COM IOM Server from an Active Server Page

When you access a local COM IOM server from an Active Server Page (ASP), SAS and Internet Information Services (IIS) are both installed on the same machine.

Note: This configuration is not recommended. If you have SAS and a Web server ruining on the same machine, they might compete for resources.

To configure local COM IOM in an ASP, you must ensure that the user who is launching the process has the proper permissions. Follow the configuration instructions to configure permissions either for Windows NT 4, or for Windows 2000 and XP.

Configuring Windows NT4 with IIS to Access a Local COM IOM Server

In IIS 4, the System account owns the IIS process and all of its child processes. When the local COM IOM server launches through an active server page (ASP), the launching user is identified as the System account. Use dcomcnfg to verify that the System account has launch and access permissions for the SAS: IOM DCOM Servers application.

Note: This configuration will work for all of the supported authentication methods in IIS 4.

  1. Start dcomcnfg.

  2. Select SAS: IOM DCOM Servers and then select Properties.

  3. Select the Security tab. If the System account does not have access and launch permissions, add the access and launch permissions.

Configuring Windows 2000 or XP with IIS to Access a Local COM IOM Server

In IIS 5, all processes, both pooled and isolated, are now COM+ Applications. For this reason, you must configure an additional level of security and add different users to the access and launch permissions for the SAS: IOM DCOM Servers application. For more details, refer to Configuring Windows 2000 or XP with IIS 5 Remote DCOM and COM+ Settings.

There are two different types of authentication, Anonymous Access and Basic Authentication.

Note: If you are using Windows XP as your Web server platform, it is recommended that you use Basic Authentication instead of Anonymous Access.

Anonymous Access

Enabling anonymous access allows all inbound Web clients to use the identity of the IUSR_<machine name> user. The IWAM_<machine name> user launches the IIS process. Therefore, you must configure the following security permissions

where <machine name> is the name of your machine or a slight variation. These users are part of the \\<machine name>* domain and will appear if you click Show Users.

By default, the IUSR_<machine name> and IWAM_<machine name> users have launch permissions for all DCOM applications. However, use dcomcnfg to verify that the launch permissions are properly configured.

  1. Start dcomcnfg and modify the properties for SAS: IOM DCOM Servers.

  2. Add access and launch permissions for

    • IUSR_<machine name> (Internet Guest Account)
    • IWAM_<machine name> (Launch IIS Process Account)

Basic Authentication

Note: This configuration also works for Integrated Windows authentication.

For basic authentication, all inbound Web clients must authenticate as a specific user in order to gain access to the Web page. The following security options must be configured:

By default, the IWAM_<machine name> has launch permissions for all DCOM applications. However, use dcomcnfg to verify that the launch permissions are properly configured.

  1. Start dcomcnfg and modify the properties for SAS: IOM DCOM Servers.

  2. Add launch and access permissions (Launch IIS Process Account) for the IWAM_<machine name> user.

  3. Add access permissions for any user that will be accessing the ASP through the Web. To add access permissions for users, use dcomcnfg to either

    • add each user individually
    • create a group of users and then add that group.

Contents Setting Up a COM/DCOM Server Previous Next