If No Anonymous Access is selected, then impersonation must be set to True in order for your application to run. The application will run under the user connecting to the application. Microsoft Internet Explorer passes the Windows credentials to the server, and the application runs under the passed credentials.
Other browsers like Mozilla Firefox, Opera or Netscape do not pass the Windows credentials to the server. When accessing your application through non-Internet Explorer browsers, you will see an “Enter username and password” dialog to specify the user under which the application should run.
As different users access the application from different systems, their individual Windows credentials are passed to the server by Microsoft Internet Explorer. The server uses these credentials to access the application folder, the temporary ASP.NET files folder as well as the database file or server.
1. Application Folder: The user connecting to the application must have read and execute privileges on the Application Folder (e.g., C:\MyApp) and all files and sub-folders within this folder. If the user does not have read and execute privileges, they will receive one of several error messages such as “HTTP 401.2: You are not authorized to view this page”, “CreateIdentity failed”, or other messages that indicate that files or directories cannot be created or accessed.
2. Microsoft .NET Framework Temporary Folder: The user connecting to the application must have read, write and execute privileges on the Microsoft .NET Framework Temporary files folder (e.g., C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files) and all files and sub-folders within this folder.
1. Microsoft Access Database File and Folder: If you are using Microsoft Access, the user connecting to the application must have read, write and execute privileges to both the file and the folder containing the Microsoft Access database.
2. Microsoft SQL Server using Windows Authentication, Database on Same Server: If you are using Microsoft SQL Server database using Windows Authentication, then the user connecting to the server must have access to Microsoft SQL Server. This is by far the most common reason why data is not displayed in the application. To fix this problem, you can either:
Set the Virtual Directory to Allow Anonymous Access;
Set Microsoft SQL Server to use SQL Server Authentication; or
Provide each possible user an account in Microsoft SQL Server.
3. Microsoft SQL Server using Windows Authentication, Database on Different Server: Microsoft .NET Framework does not allow a “double hop” in transferring credentials, so this scenario will not work. Double hop refers to passing credentials from the browser to the application server, and then again from the application server to the database server. To fix this problem, either:
Set the Virtual Directory to Allow Anonymous Access; or
Set Microsoft SQL Server to use SQL Server Authentication.
4. Microsoft SQL Server using SQL Server Authentication: If you are using Microsoft SQL Server with SQL Server Authentication, then the SQL Server user must have access to the database to read, write and update data in the database. If you are continuing to see problems when using this scenario, check to make sure:
The SQL Server user has access to the database in read, write and update mode.
The SQL Server user’s password is correct.
The Microsoft SQL Server could be located on the same server or on a different server in this scenario, and either scenario should work as long as the SQL Server user name has appropriate permissions and the password is correct.
Iron Speed best practice recommends this approach for production systems when using Microsoft SQL Server in cases where No Anonymous Access is selected.
5. Oracle: If you are using an Oracle database, then the Oracle user must have access to the database to read, write and update data in the database. If you are continuing to see problems when using this scenario, check to make sure:
The Oracle user has access to the database in read, write and update mode.
The Oracle user’s password is correct.
The Oracle database could be located on the same server or on a different server in this scenario, and either scenario should work as long as the Oracle user name has appropriate permissions and the password is correct.
Iron Speed best practice recommends this approach for production systems when using Oracle in cases where No Anonymous Access is selected.
No Anonymous Access (Recommended for Development Environment)
Allow Anonymous Access (Recommended for Production Environment)
Remote Database Access through a Firewall
Application Runs But No Data is Displayed