ASP issue under IIS 7/Vista

I have a relatively straightforward dll, written in VB.net, kicked off from
ASP, that will not run properly on a Vista box. I believe I have covered
every security possibility (at least I think I have) and I thought I'd submit
this here.

The process is this:

We pass
1) an ID for a person in our database, and
2) an ID for an RTF format document (a standard form of some kind) to an ASP
page as follows:

forms_print.asp?custID=7004&formID=175

This RTF document has specially denoted fields on it, e.g. <> that
are to be replaced with data from the DB.

The ASP page
1) gets the data pertaining to the person from our DB as an XML document and,
2) calls the dll to do a "text replace", i.e. replace <> with the
actual last name of the person, then
3) opens the RTF document in Word or Word Viewer for printing or whatever
the user wishes.

This process works flawlessly under XP, but wont work under Vista. We have
reviewed permissions extensively (we believe), but just dont know where to
start to solve this problem.

I have written debugging capabilities into the process so that when
debugging is enabled I response.write replaced data found to the screen to
follow the process. In debug mode I get nothing from the page.

When not in debug mode, Word opens (2007 in this case) but only a blank
screen is document - no text.

Thanks!

Re: ASP issue under IIS 7/Vista

"day10" wrote in message
news:23A64BE0-95BF-4D83-BA6F-AB36D9330DC9@microsoft.com...
>I have a relatively straightforward dll, written in VB.net, kicked off from
> ASP, that will not run properly on a Vista box. I believe I have covered
> every security possibility (at least I think I have) and I thought I'd
> submit
> this here.
>

Have you really covered security on Vista? You dll may need to escalate
privileges as it runs on Vista, if that's what it's doing, and it doesn't
have the privileges to run on Vista properly. It's a possibility, if you
don't know about this.

http://blogs.msdn.com/shawnfa/archive/2006/04/06/568563.aspx

Re: ASP issue under IIS 7/Vista

I have not seen this before so please forgive me if this question seems too
simplistic:

On this dll, we have given Full Control to IUSR, IIS-IUSR, Everyone, etc. It
seems that anyone should be able to kick this thing off without issue. Does
this not accomplish essentially the same thing?

Thanks!

"Mr. Arnold" wrote:

>
> "day10" wrote in message
> news:23A64BE0-95BF-4D83-BA6F-AB36D9330DC9@microsoft.com...
> >I have a relatively straightforward dll, written in VB.net, kicked off from
> > ASP, that will not run properly on a Vista box. I believe I have covered
> > every security possibility (at least I think I have) and I thought I'd
> > submit
> > this here.
> >
>
> Have you really covered security on Vista? You dll may need to escalate
> privileges as it runs on Vista, if that's what it's doing, and it doesn't
> have the privileges to run on Vista properly. It's a possibility, if you
> don't know about this.
>
> http://blogs.msdn.com/shawnfa/archive/2006/04/06/568563.aspx
>
>

Re: ASP issue under IIS 7/Vista

"day10" wrote in message
news:9EEE1728-DE69-4757-A8B7-2C573D0C4E9B@microsoft.com...
>I have not seen this before so please forgive me if this question seems too
> simplistic:
>
> On this dll, we have given Full Control to IUSR, IIS-IUSR, Everyone, etc.
> It
> seems that anyone should be able to kick this thing off without issue.
> Does
> this not accomplish essentially the same thing?


It may or may not. You'll need to make that determination. I do know
Accounts with rights are no longer the factor they used to be in Vista like
previous versions of the NT classed O/S(s) such as XP and Win 2K, with
Vista's new security scheme. Even the user with Admin rights is locked down
and can only do certain things without escalating their privileges by using
Run As Administrator.

It may come that you have to use the Vista UAC manifest with the solution in
order to give the solution the credentials needed to present to Vista so
that Vista will allow the solution to run. I am just making you aware of
this. You'll need to do more research -- use Google.

Here is another link that talks about UAC and why a software developer may
have to deal with Vista's new security scheme. or maybe, it's IE7 if that is
being used that has broke the solution due to security, if IE7 is being
used.

http://blogs.zdnet.com/Ou/?p=785

Re: ASP issue under IIS 7/Vista

I will check this out - thanks again for your replies.

day10

"Mr. Arnold" wrote:

>
> "day10" wrote in message
> news:9EEE1728-DE69-4757-A8B7-2C573D0C4E9B@microsoft.com...
> >I have not seen this before so please forgive me if this question seems too
> > simplistic:
> >
> > On this dll, we have given Full Control to IUSR, IIS-IUSR, Everyone, etc.
> > It
> > seems that anyone should be able to kick this thing off without issue.
> > Does
> > this not accomplish essentially the same thing?
>
>
> It may or may not. You'll need to make that determination. I do know
> Accounts with rights are no longer the factor they used to be in Vista like
> previous versions of the NT classed O/S(s) such as XP and Win 2K, with
> Vista's new security scheme. Even the user with Admin rights is locked down
> and can only do certain things without escalating their privileges by using
> Run As Administrator.
>
> It may come that you have to use the Vista UAC manifest with the solution in
> order to give the solution the credentials needed to present to Vista so
> that Vista will allow the solution to run. I am just making you aware of
> this. You'll need to do more research -- use Google.
>
> Here is another link that talks about UAC and why a software developer may
> have to deal with Vista's new security scheme. or maybe, it's IE7 if that is
> being used that has broke the solution due to security, if IE7 is being
> used.
>
> http://blogs.zdnet.com/Ou/?p=785
>
>
>