Accessing a Local COM IOM Server from an Active Server Page

When you access a local COM IOM server from an Active Server Page (ASP), SAS and Internet Information Services (IIS) are both installed on the same machine.

Note: This configuration is not recommended. If you have SAS and a Web server ruining on the same machine, they might compete for resources.

To configure local COM IOM in an ASP, you must ensure that the user who is launching the process has the proper permissions. Follow the configuration instructions to configure permissions either for Windows NT 4, or for Windows 2000 and XP.

Configuring Windows NT4 with IIS to Access a Local COM IOM Server

In IIS 4, the System account owns the IIS process and all of its child processes. When the local COM IOM server launches through an active server page (ASP), the launching user is identified as the System account. Use dcomcnfg to verify that the System account has launch and access permissions for the SAS.Workspace (SAS Version 9.1) application.

1. Start dcomcnfg.

2. Select SAS.Workspace (SAS Version 9.1) and then select Properties.

3. Select the Security tab. If the System account does not have access and launch permissions, add the access and launch permissions.

Configuring Windows 2000 or XP with IIS to Access a Local COM IOM Server

In IIS 5, all processes, both pooled and isolated, are now COM+ Applications. For this reason, you must configure an additional level of security and add different users to the access and launch permissions for the SAS.Workspace (SAS Version 9.1) application. For more details, refer to Configuring Windows 2000 or XP with IIS 5 Remote DCOM and COM+ Settings.

There are two different types of authentication, Anonymous Access and Basic Authentication.

Anonymous Access

Enabling anonymous access allows all inbound Web clients to use the identity of the IUSR_<machine name> user. The IWAM_<machine name> user launches the IIS process. Therefore, you must configure the following security permissions:

• access permissions for both the IUSR_<machine name> and the IWAM_<machine name> users to access the SAS.Workspace (SAS Version 9.1) application
• launch permissions for the IWAM_<machine name> user

where <machine name> is the name of your machine or a slight variation. These users are part of the \\<machine name>* domain and will appear if you click Show Users.

By default, the IUSR_<machine name> and IWAM_<machine name> users have launch permissions for all DCOM applications. However, use dcomcnfg to verify that the launch permissions are properly configured.

1. Start dcomcnfg and modify the properties for SAS.Workspace (SAS Version 9.1).

2. Add access and launch permissions for the following:

   • IUSR_<machine name> (Internet Guest Account)
   • IWAM_<machine name> (Launch IIS Process Account)

Basic Authentication

Note: This configuration also works for Integrated Windows authentication.

For basic authentication, all inbound Web clients must authenticate as a specific user in order to gain access to the Web page. The following security options must be configured:

• access permissions for any user that will be accessing the Web page. Configure access permissions to the SAS.Workspace (SAS Version 9.1) application, as well as the IWAM_<machine name> user.
• launch permissions for the IWAM_<machine name> user. The IIS process is still launched by the IWAM_<machine name> user.

By default, the IWAM_<machine name> has launch permissions for all DCOM applications. However, use dcomcnfg to verify that the launch permissions are properly configured.

1. Start dcomcnfg and modify the properties for SAS.Workspace (SAS Version 9.1).

2. Add launch and access permissions (Launch IIS Process Account) for the IWAM_<machine name> user.
   
   

3. Add access permissions for any user that will be accessing the ASP through the Web. To add access permissions for users, use dcomcnfg to do either of the following:

   • add each user individually
   • create a group of users and then add that group.